43 matches found
CVE-2026-57694 WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...
CVE-2026-57694
CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions = 3.9.8...
CVE-2026-40740 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.7...
WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability
Missing Authorization to Authenticated Subscriber+ Unauthorized Private Course Enrollment vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin Tutor LMS versions = 3.9.7...
๐ WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference
WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...
CVE-2026-23799 WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799
CVE-2026-23799 is a Missing Authorization / Broken Access Control flaw in Themeum Tutor LMS (Tutor LMS) up to version 3.9.5. CVSSv3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N with base score 6.5 (Medium). Public sources (NVD, Red Hat, CVE List, Patchstack, AttackKB, VulnEnrichment) id...
WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Course Completion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.2...
CVE-2025-47555 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...
CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...
WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS versions = 3.8.3...
WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update vulnerability
Missing Authorization to Unauthenticated Payment Status Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Tutor LMS versions = 3.8.3...
PT-2025-34512 ยท WordPress ยท Sertifier Certificate & Badge Maker For Wordpress โ Tutor Lms
Name of the Vulnerable Software and Affected Versions: Sertifier Certificate & Badge Maker for WordPress โ Tutor LMS plugin versions prior to 1.20 Description: The Sertifier Certificate & Badge Maker for WordPress โ Tutor LMS plugin is susceptible to Cross-Site Request Forgery CSRF due to missing...
WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability
HTML Injection vulnerability discovered by Revan Arifio in WordPress Plugin Tutor LMS versions = 3.4.0...
WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.5...
WordPress Tutor LMS plugin <= 2.7.6 - Unauthenticated SQL Injection via rating_filter vulnerability
Unauthenticated SQL Injection via ratingfilter vulnerability discovered by mikemyers in WordPress Plugin Tutor LMS versions = 2.7.6...
WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10400 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d0515de5a39b Credits mikemyers Required privilege Unauthenticated Publishe...