Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.2 views

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.27 views

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 7:22 a.m.11 views

CVE-2025-13935

CVE-2025-13935 affects Tutor LMS – eLearning and online course solution for WordPress. Description confirms missing enrollment verification in mark_course_complete, allowing authenticated users with Subscriber+ privileges to mark any course as completed. Connected sources corroborate the issue as...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:32 p.m.2 views

CVE-2025-64400 Insufficient permission checks when pre-enrolling users Summary

Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has edit on the enrollment-level user directory, but is missing a separate check that the enrollment...

4.1CVSS6.4AI score0.00179EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/11/19 5:15 p.m.23 views

CVE-2020-25698

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier...

7.5CVSS6.4AI score0.01895EPSS
Exploits0References3
Rows per page
Query Builder