Themeum

Tutor Lms

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-5502

  • EPSS 0.01%
  • Veröffentlicht 17.04.2026 03:36:45
  • Zuletzt bearbeitet 17.04.2026 05:16:19

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor_update_course_content...

6.5

CVE-2026-6080

  • EPSS 0.01%
  • Veröffentlicht 17.04.2026 03:36:44
  • Zuletzt bearbeitet 17.04.2026 05:16:19

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-...

5.4

CVE-2026-40740

  • EPSS 0.02%
  • Veröffentlicht 15.04.2026 10:21:34
  • Zuletzt bearbeitet 16.04.2026 15:17:39

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

4.3

CVE-2026-3371

  • EPSS 0.03%
  • Veröffentlicht 11.04.2026 01:25:01
  • Zuletzt bearbeitet 13.04.2026 15:01:43

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the `save_course_content_order()` ...

5.4

CVE-2026-3358

  • EPSS 0.06%
  • Veröffentlicht 11.04.2026 01:24:56
  • Zuletzt bearbeitet 13.04.2026 15:01:43

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `co...

7.5

CVE-2026-3360

  • EPSS 0.1%
  • Veröffentlicht 10.04.2026 02:16:03
  • Zuletzt bearbeitet 13.04.2026 15:02:27

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_inc...

6.5

CVE-2025-32223

  • EPSS 0.02%
  • Veröffentlicht 19.03.2026 08:05:59
  • Zuletzt bearbeitet 01.04.2026 17:22:10

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.

6.5

CVE-2026-23799

  • EPSS 0.03%
  • Veröffentlicht 05.03.2026 06:16:22
  • Zuletzt bearbeitet 09.03.2026 20:16:06

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.

7.5

CVE-2025-13673

  • EPSS 0.09%
  • Veröffentlicht 28.02.2026 07:25:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack ...

8.1

CVE-2026-1375

  • EPSS 0.06%
  • Veröffentlicht 03.02.2026 08:16:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_l...