Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Unauthenticated network SQLi against a WordPress plugin reaches the shared DB (scope change, C:H); blind/UNION SQLi typically allows at least limited writes and minor availability impact, so I:L/A:L rather than I:N.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
AnalysisAI
SQL injection in Tutor LMS Pro (Themeum) versions 3.9.6 and earlier allows remote unauthenticated attackers to inject arbitrary SQL against the underlying WordPress database. The CVSS 9.3 rating reflects a scope change with high confidentiality impact, meaning data accessible to the WordPress backend can be exposed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Target must be a WordPress site running Tutor LMS Pro version 3.9.6 or earlier with the plugin activated and its public endpoints reachable over HTTP/HTTPS; no authentication, user interaction, or non-default configuration is required (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Risk is high. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker enumerates WordPress sites running Tutor LMS Pro (fingerprintable via /wp-content/plugins/tutor-pro/ asset paths) and sends a crafted HTTP request to a vulnerable plugin endpoint with malicious SQL appended to an injectable parameter. The injection extracts password hashes from wp_users along with student records and payment metadata from Tutor LMS tables. … |
| Remediation | Upgrade Tutor LMS Pro to a version newer than 3.9.6 - Upstream fix available per Patchstack advisory; released patched version not independently confirmed from the provided data, so consult the Themeum changelog and the Patchstack entry at https://patchstack.com/database/wordpress/plugin/tutor-pro/vulnerability/wordpress-tutor-lms-pro-plugin-3-8-3-sql-injection-vulnerability for the exact fixed build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Tutor Lms Pro
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37655