Tutor LMS Missing Authorization Allows Unrestricted Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Tutor LMS Missing Authorization Allows Unrestricted Access

CVE-2026-23799

Summary

An attacker can exploit a configuration error in Tutor LMS's access control to gain unauthorized access to sensitive areas of the system. This issue affects all versions of Tutor LMS up to 3.9.5. It's essential to update to the latest version of Tutor LMS to prevent unauthorized access to your system.

Original title

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.

Original description

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/tutor/vulnerability/wordpress-t...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026