Tutor LMS – eLearning and online course solution

Tutor LMS – eLearning and online course solution <= 3.9.7 - Missing Authorization

Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure

CVE-2026-5502

CVE-2026-6080

CVE-2026-40740

Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion

Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action

Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion

Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment

Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter

CVE-2025-32223

CVE-2026-23799

CVE-2025-13673

CVE-2025-47555

CVE-2025-13679

CVE-2025-13628

CVE-2025-13934

CVE-2025-13935

CVE-2025-11564

CVE-2025-58993

CVE-2025-32230

CVE-2024-10400

CVE-2024-10393

CVE-2023-2919

CVE-2024-43282

CVE-2024-43231

CVE-2024-43142

CVE-2024-39645

CVE-2024-37947

CVE-2024-37256

CVE-2024-37266

CVE-2024-5438

CVE-2024-4902

CVE-2024-4318

CVE-2024-4279

CVE-2024-3553

CVE-2024-3994

CVE-2024-1502

CVE-2024-1751

CVE-2024-1503

CVE-2024-1128

CVE-2024-1133

CVE-2023-49829

WordPress Tutor LMS Plugin < 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Tutor LMS &lt; 2.0.9 - Reflected Cross-Site Scripting

WordPress Tutor LMS Plugin <= 1.9.12 is vulnerable to Cross Site Scripting (XSS)

CVE-2023-3133

CVE-2023-25800

CVE-2023-25700

CVE-2023-25990

CVE-2023-25799

CVE-2023-0236

Tutor LMS &lt; 1.9.6 - Reflected Cross-Site Scripting

Tutor LMS &lt; 1.9.12 - Subscriber+ Stored Cross-Site Scripting

Tutor LMS &lt; 1.9.13 - Reflected Cross-Site Scripting

Tutor LMS <= 1.9.12 - Reflected Cross-Site Scripting

Tutor LMS <= 1.9.5 - Cross-Site Scripting

Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting

Tutor LMS – eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting

CVE-2022-2563

WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability

WordPress Tutor LMS plugin <= 1.7.6 - Unprotected AJAX Action to Privilege Escalation vulnerability

WordPress Tutor LMS plugin <= 1.8.2 - Multiple Union SQL Injection (SQLi) vulnerabilities

WordPress Tutor LMS plugin <= 1.7.6 - Multiple Blind/Time-based SQL Injection (SQLi) vulnerabilities

WordPress Tutor LMS plugin <= 1.9.5 - Reflected Cross-Site Scripting (XSS) vulnerability

WordPress Tutor LMS plugin <= 1.9.11 - Stored Cross-Site Scripting (XSS) vulnerability

CVE-2020-8615

CVE-2021-24186

CVE-2021-24182

CVE-2021-24185

CVE-2021-24184

CVE-2021-24183

CVE-2021-24181

CVE-2021-24242

CVE-2021-24455

CVE-2021-24740

CVE-2021-24873

CVE-2021-25017