Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.2 views

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.28 views

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 7:22 a.m.13 views

CVE-2025-13935

CVE-2025-13935 affects Tutor LMS – eLearning and online course solution for WordPress. Description confirms missing enrollment verification in mark_course_complete, allowing authenticated users with Subscriber+ privileges to mark any course as completed. Connected sources corroborate the issue as...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder