Skip to main content

Tutor Lms

49 CVEs product

Monthly

CVE-2026-57694 MEDIUM This Month

Insecure Direct Object Reference (IDOR) in Tutor LMS WordPress plugin allows authenticated low-privilege users to bypass authorization controls by manipulating user-controlled keys, resulting in unauthorized modification of LMS objects such as courses, lessons, or student records. Affected versions span all releases through 3.9.13 by Themeum. No confirmed active exploitation (KEV) or public exploit code has been identified at time of analysis, but the low attack complexity and wide WordPress deployment surface make this a credible integrity risk for any site running an unpatched version.

Authentication Bypass Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12275 HIGH POC PATCH This Week

Broken authorization in the Tutor LMS WordPress plugin (before 3.9.13) lets authenticated subscriber-level users bypass paid/private-course access controls when the Droip or Kirki page-builder integration is active. Because these integration handlers omit the enrollment, purchase, and private-course capability checks enforced in the core course handler, low-privileged accounts can self-enroll in paid or private courses, read otherwise-restricted content, and mark arbitrary courses complete. Reported by WPScan with publicly available exploit detail and a vendor patch released; no active exploitation is currently listed in CISA KEV.

WordPress Information Disclosure Tutor Lms
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-12274 MEDIUM POC PATCH This Month

Broken object-level authorization in the Tutor LMS WordPress plugin before 3.9.13 allows any authenticated instructor-level user to overwrite and take over arbitrary posts or pages sitewide, including administrator-owned content. The content-builder save handler validates the request against an unrelated identifier rather than confirming the requesting user owns or is permitted to edit the target post, making the authorization check entirely ineffective. A publicly available proof-of-concept exploit exists; no active exploitation has been confirmed by CISA KEV at time of analysis, though the low barrier (instructor account only) and high integrity impact elevate real-world risk significantly.

Information Disclosure WordPress Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-12273 MEDIUM POC PATCH This Month

Tutor LMS WordPress plugin (all versions before 3.9.13) allows authenticated users with subscriber-level access to post auto-approved comments containing arbitrary HTML and external links on any site content, bypassing the comment moderation queue entirely. The vulnerable comment handler performs no authorization check and no post-target validation before creating comments, making this exploitable by any registered user on sites with open registration - a common LMS deployment pattern. A publicly available POC from WPScan exists; no CISA KEV listing indicates confirmed mass exploitation, but the low privilege bar and POC availability make this a realistic content-integrity threat.

Authentication Bypass WordPress Tutor Lms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-12271 MEDIUM POC PATCH This Month

Missing ownership verification in Tutor LMS WordPress plugin before 3.9.13 allows any authenticated subscriber-level user to overwrite other students' quiz attempt records, including their scores and pass/fail status. The flaw is an insecure direct object reference (IDOR) pattern: the plugin writes to quiz attempts without confirming the requesting user owns that attempt. A public exploit exists per WPScan, meaning the technique is documented and reproducible; however, this CVE is not listed in the CISA KEV catalog, indicating no confirmed mass exploitation at time of analysis.

Information Disclosure WordPress Tutor Lms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-40743 MEDIUM This Month

Broken access control in Tutor LMS WordPress plugin versions up to and including 3.9.7 permits unauthenticated remote attackers to bypass authorization checks and access or modify restricted LMS resources. The flaw, classified as CWE-862 (Missing Authorization), stems from the plugin failing to enforce appropriate permission checks before executing sensitive operations. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the unauthenticated attack vector and low complexity make this straightforward to exploit opportunistically.

Authentication Bypass Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-40740 MEDIUM This Month

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

Authentication Bypass Tutor Lms
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-32223 MEDIUM This Month

An authorization bypass vulnerability exists in Themeum Tutor LMS through version 3.9.4 that allows authenticated users to access resources they should not have permission to view through user-controlled keys in the access control mechanism. This Insecure Direct Object Reference (IDOR) vulnerability affects all Tutor LMS installations up to and including version 3.9.4, enabling an attacker with low privileges to read sensitive data by manipulating object identifiers. The vulnerability has a CVSS score of 6.5 reflecting moderate severity with high confidentiality impact, and while no KEV or widespread POC exploitation has been publicly confirmed, the attack requires only network access and valid authentication credentials.

Authentication Bypass Tutor Lms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-10400 HIGH POC PATCH THREAT This Week

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
7.5
EPSS
82.5%
CVE-2024-10393 MEDIUM PATCH This Month

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-43142 HIGH This Week

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5784 HIGH This Week

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-39645 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43282 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.7.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-43231 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37947 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.7.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-37266 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-37256 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5438 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4902 HIGH PATCH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-4352 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3% and no vendor patch available.

SQLi WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
23.3%
CVE-2024-4351 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Authentication Bypass SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
31.0%
CVE-2024-4222 HIGH This Week

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-4223 CRITICAL PATCH Act Now

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-4318 HIGH PATCH This Week

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4279 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-3553 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-3994 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Tutor Lms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1503 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Tutor Lms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1502 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1751 HIGH POC THREAT Act Now

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.2%.

SQLi WordPress Tutor Lms
NVD VulDB
CVSS 3.1
8.8
EPSS
35.2%
Threat
4.3
CVE-2024-1133 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1128 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Tutor Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49829 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS.2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-4805 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3133 HIGH POC This Week

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Tutor Lms
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0236 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-2563 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tutor Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24873 MEDIUM PATCH This Month

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24740 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24455 MEDIUM POC This Month

The Tutor LMS - eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24242 LOW POC Monitor

The Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Tutor Lms
NVD WPScan
CVSS 3.1
3.8
EPSS
0.8%
CVE-2021-24186 MEDIUM POC This Month

The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24185 MEDIUM POC This Month

The tutor_place_rating AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24184 HIGH POC This Week

Several AJAX endpoints in the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24183 MEDIUM POC This Month

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-24182 MEDIUM POC This Month

The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-24181 MEDIUM POC This Month

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-8615 MEDIUM POC This Month

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tutor Lms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.8%
EPSS 0% CVSS 6.5
MEDIUM This Month

Insecure Direct Object Reference (IDOR) in Tutor LMS WordPress plugin allows authenticated low-privilege users to bypass authorization controls by manipulating user-controlled keys, resulting in unauthorized modification of LMS objects such as courses, lessons, or student records. Affected versions span all releases through 3.9.13 by Themeum. No confirmed active exploitation (KEV) or public exploit code has been identified at time of analysis, but the low attack complexity and wide WordPress deployment surface make this a credible integrity risk for any site running an unpatched version.

Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Broken authorization in the Tutor LMS WordPress plugin (before 3.9.13) lets authenticated subscriber-level users bypass paid/private-course access controls when the Droip or Kirki page-builder integration is active. Because these integration handlers omit the enrollment, purchase, and private-course capability checks enforced in the core course handler, low-privileged accounts can self-enroll in paid or private courses, read otherwise-restricted content, and mark arbitrary courses complete. Reported by WPScan with publicly available exploit detail and a vendor patch released; no active exploitation is currently listed in CISA KEV.

WordPress Information Disclosure Tutor Lms
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Broken object-level authorization in the Tutor LMS WordPress plugin before 3.9.13 allows any authenticated instructor-level user to overwrite and take over arbitrary posts or pages sitewide, including administrator-owned content. The content-builder save handler validates the request against an unrelated identifier rather than confirming the requesting user owns or is permitted to edit the target post, making the authorization check entirely ineffective. A publicly available proof-of-concept exploit exists; no active exploitation has been confirmed by CISA KEV at time of analysis, though the low barrier (instructor account only) and high integrity impact elevate real-world risk significantly.

Information Disclosure WordPress Tutor Lms
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Tutor LMS WordPress plugin (all versions before 3.9.13) allows authenticated users with subscriber-level access to post auto-approved comments containing arbitrary HTML and external links on any site content, bypassing the comment moderation queue entirely. The vulnerable comment handler performs no authorization check and no post-target validation before creating comments, making this exploitable by any registered user on sites with open registration - a common LMS deployment pattern. A publicly available POC from WPScan exists; no CISA KEV listing indicates confirmed mass exploitation, but the low privilege bar and POC availability make this a realistic content-integrity threat.

Authentication Bypass WordPress Tutor Lms
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Missing ownership verification in Tutor LMS WordPress plugin before 3.9.13 allows any authenticated subscriber-level user to overwrite other students' quiz attempt records, including their scores and pass/fail status. The flaw is an insecure direct object reference (IDOR) pattern: the plugin writes to quiz attempts without confirming the requesting user owns that attempt. A public exploit exists per WPScan, meaning the technique is documented and reproducible; however, this CVE is not listed in the CISA KEV catalog, indicating no confirmed mass exploitation at time of analysis.

Information Disclosure WordPress Tutor Lms
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in Tutor LMS WordPress plugin versions up to and including 3.9.7 permits unauthenticated remote attackers to bypass authorization checks and access or modify restricted LMS resources. The flaw, classified as CWE-862 (Missing Authorization), stems from the plugin failing to enforce appropriate permission checks before executing sensitive operations. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the unauthenticated attack vector and low complexity make this straightforward to exploit opportunistically.

Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An authorization bypass vulnerability exists in Themeum Tutor LMS through version 3.9.4 that allows authenticated users to access resources they should not have permission to view through user-controlled keys in the access control mechanism. This Insecure Direct Object Reference (IDOR) vulnerability affects all Tutor LMS installations up to and including version 3.9.4, enabling an attacker with low privileges to read sensitive data by manipulating object identifiers. The vulnerability has a CVSS score of 6.5 reflecting moderate severity with high confidentiality impact, and while no KEV or widespread POC exploitation has been publicly confirmed, the attack requires only network access and valid authentication credentials.

Authentication Bypass Tutor Lms
NVD VulDB
EPSS 82% CVSS 7.5
HIGH POC PATCH THREAT This Week

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Tutor Lms
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tutor Lms
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.7.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tutor Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.7.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tutor Lms
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tutor Lms
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Tutor Lms
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
EPSS 23% CVSS 8.8
HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3% and no vendor patch available.

SQLi WordPress Authentication Bypass +1
NVD
EPSS 31% CVSS 8.8
HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Authentication Bypass SQLi WordPress +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Tutor Lms
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Tutor Lms
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD VulDB
EPSS 35% 4.3 CVSS 8.8
HIGH POC THREAT Act Now

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.2%.

SQLi WordPress Tutor Lms
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Tutor Lms
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS.2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
EPSS 1% CVSS 7.5
HIGH POC This Week

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Tutor Lms
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tutor Lms
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tutor Lms
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Tutor LMS - eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS +1
NVD WPScan
EPSS 1% CVSS 3.8
LOW POC Monitor

The Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP +1
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The tutor_place_rating AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

Several AJAX endpoints in the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD WPScan
EPSS 2% CVSS 6.5
MEDIUM POC This Month

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
EPSS 2% CVSS 6.5
MEDIUM POC This Month

The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Tutor Lms
NVD WPScan
EPSS 9% CVSS 6.5
MEDIUM POC This Month

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tutor Lms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy