What is CVE-2026-0953?

CVE-2026-0953 is a critical-severity vulnerability in Themeum Tutor Lms Pro, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-03-10.

How severe is CVE-2026-0953?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Themeum Tutor Lms Pro

CVE-2026-0953

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication…

Vulnerability class: Broken Authentication

EPSS: 0.001 (26.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Themeum Tutor Lms Pro — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

www.wordfence.com/threat-intel/vulnerabilities/id/92a120ac-66ae-4678-a87a-e62da…
tutorlms.com/releases/id/393/

Frequently asked questions

What is CVE-2026-0953?: CVE-2026-0953 is a critical-severity vulnerability in Themeum Tutor Lms Pro, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-03-10.
How severe is CVE-2026-0953?: Critical severity. CVSS v3 base score is 9.8 out of 10.