Tutor lms

This hub aggregates every CVE we track for Tutor lms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Tutor lms.

• CVE-2026-40743WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability6.5Jun 15, 2026
• CVE-2026-40740WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability5.4Apr 15, 2026
• CVE-2025-32223WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability6.5Mar 19, 2026
• CVE-2026-23799WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability6.5Mar 5, 2026
• CVE-2025-47555WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability3.8Jan 22, 2026
• CVE-2025-11564Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update5.3Oct 25, 2025
• CVE-2025-6680Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure4.3Oct 25, 2025
• CVE-2025-58993WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability7.6Sep 9, 2025
• CVE-2025-32230WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability4.3Apr 10, 2025
• CVE-2024-10400Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter7.5Nov 21, 2024
• CVE-2024-10393Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration5.3Nov 21, 2024
• CVE-2024-43142WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability4.3Nov 1, 2024
• CVE-2023-2919Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'4.3Sep 10, 2024
• CVE-2024-5784Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference7.1Aug 30, 2024
• CVE-2024-39645WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability5.4Aug 26, 2024