Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tutor LMS – eLearning and online course solution — Vulnerabilities & Security Advisories 43

All 43 CVE vulnerabilities found in Tutor LMS – eLearning and online course solution, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order CWE-862 5.3 Medium2026-04-17
CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter CWE-89 6.5 Medium2026-04-17
CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification CWE-639 4.3 Medium2026-04-11
CVE-2026-3358 Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment CWE-862 5.4 Medium2026-04-11
CVE-2026-3360 Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter CWE-862 7.5 High2026-04-10
CVE-2025-13673 Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code CWE-89 7.5 High2026-02-28
CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action CWE-200 5.3 Medium2026-02-03
CVE-2026-1375 Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion CWE-639 8.1 High2026-02-03
CVE-2026-0548 Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion CWE-862 5.4 Medium2026-01-20
CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion CWE-862 4.3 Medium2026-01-09
CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass CWE-862 4.3 Medium2026-01-09
CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification CWE-862 4.3 Medium2026-01-09
CVE-2025-13679 Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details CWE-862 6.5 Medium2026-01-08
CVE-2025-11564 Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update CWE-862 5.3 Medium2025-10-25
CVE-2025-6680 Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure CWE-284 4.3 Medium2025-10-25
CVE-2024-10400 Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter CWE-89 7.5 High2024-11-21
CVE-2024-10393 Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration CWE-284 5.3 Medium2024-11-21
CVE-2023-2919 Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' CWE-352 4.3 Medium2024-09-10
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion CWE-639 4.3 Medium2024-06-07
CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection CWE-89 7.2 High2024-06-07
CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization CWE-862 9.8 Critical2024-05-16
CVE-2024-4318 Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection CWE-89 8.8 High2024-05-16
CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion CWE-639 6.5 Medium2024-05-16
CVE-2024-3553 Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update CWE-862 6.5 Medium2024-05-02
CVE-2024-3994 Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode CWE-79 5.4 Medium2024-04-25
CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection CWE-89 8.8 High2024-03-13
CVE-2024-1502 Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion CWE-862 5.4 Medium2024-03-12
CVE-2024-1503 Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase CWE-352 4.3 Medium2024-03-12
CVE-2024-1133 Tutor LMS <= 2.6.0 - Missing Authorization CWE-862 4.3 Medium2024-02-20
CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A CWE-74 5.4 Medium2024-02-20

All 43 known CVE vulnerabilities affecting Tutor LMS – eLearning and online course solution with full Chinese analysis, references, and POCs where available.