CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to a generic SQL Injection via the 'columns' parameter in all versions up to and including 4.8.20, caused by insufficient escaping of the user-supplied value and inadequate query preparation. Authenticated attackers with instructor-l...

PT-2026-46129

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress MasterStudy LMS Pro plugin <= 4.8.20 - Authenticated (Instructor+) SQL Injection vulnerability

Authenticated Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin MasterStudy LMS Pro versions = 4.8.20...

PT-2026-45904

Patch Priority: Sitefinity Credential Exposure with likely internet exposure CVSS 9.8-10.0 Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki Internet-facing risks dominate, led by Sitefinity and multiple pre-auth remote code execution and privilege escalation...

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

CVE-2025-53209

Masteriyo LMS PRO (WordPress)

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...

WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by luc in WordPress Plugin Academy LMS Pro versions 3.5.2...

EUVD-2026-15717

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

CVE-2026-25406

CVE-2026-25406 is a authentication bypass vulnerability in Themeum Tutor LMS Pro (tutor-pro) affecting versions up to and including 3.9.4. The issue is described as an authentication abuse via an alternate path or channel. Remediation from multiple sources recommends updating to a version later t...

CVE-2026-25406 WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

WordPress plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27940

Name of the Vulnerable Software and Affected Versions Themeum Tutor LMS Pro versions prior to 3.9.4 Description An authentication bypass issue exists in Themeum Tutor LMS Pro, allowing authentication abuse. The issue involves using an alternate path or channel to circumvent normal authentication...

WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin Tutor LMS Pro versions = 3.9.4...

CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

WordPress Tutor LMS Pro plugin <= 3.9.5 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tutor LMS Pro versions = 3.9.5...

EUVD-2026-10472

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

EUVD-2026-10473

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...