Themeum

Tutor Lms

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2026-10736

  • EPSS 0.36%
  • Veröffentlicht 18.06.2026 05:34:24
  • Zuletzt bearbeitet 18.06.2026 05:34:24

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lac...

6.5

CVE-2026-40743

  • EPSS 0.25%
  • Veröffentlicht 15.06.2026 20:18:13
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

5.3

CVE-2026-6965

  • EPSS 0.3%
  • Veröffentlicht 13.05.2026 05:29:37
  • Zuletzt bearbeitet 13.05.2026 14:43:46

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by()` function unconditionally trusting the user-supp...

5.3

CVE-2026-5502

  • EPSS 0.47%
  • Veröffentlicht 17.04.2026 03:36:45
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor_update_course_content...

6.5

CVE-2026-6080

  • EPSS 0.5%
  • Veröffentlicht 17.04.2026 03:36:44
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-...

5.4

CVE-2026-40740

  • EPSS 0.18%
  • Veröffentlicht 15.04.2026 10:21:34
  • Zuletzt bearbeitet 22.04.2026 20:23:16

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

4.3

CVE-2026-3371

  • EPSS 0.36%
  • Veröffentlicht 11.04.2026 01:25:01
  • Zuletzt bearbeitet 24.04.2026 18:00:32

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the `save_course_content_order()` ...

5.4

CVE-2026-3358

  • EPSS 0.37%
  • Veröffentlicht 11.04.2026 01:24:56
  • Zuletzt bearbeitet 24.04.2026 18:00:32

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `co...

7.5

CVE-2026-3360

  • EPSS 0.62%
  • Veröffentlicht 10.04.2026 02:16:03
  • Zuletzt bearbeitet 24.04.2026 18:01:58

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_inc...

6.5

CVE-2025-32223

  • EPSS 0.29%
  • Veröffentlicht 19.03.2026 08:05:59
  • Zuletzt bearbeitet 29.04.2026 10:16:45

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.