Themeum Tutor Lms – Elearning And Online Course Solution
33 CVEs affecting Themeum Tutor Lms – Elearning And Online Course Solution. Latest disclosed: 2026-05-13. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-4223 | Critical | 9.8 | 2024-05-16 | The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multip… |
CVE-2024-4318 | High | 8.8 | 2024-05-16 | The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to ins… |
CVE-2024-1751 | High | 8.8 | 2024-03-13 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versio… |
CVE-2026-1375 | High | 8.1 | 2026-02-03 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and… |
CVE-2026-3360 | High | 7.5 | 2026-04-10 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and inclu… |
CVE-2025-13673 | High | 7.5 | 2026-02-28 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to… |
CVE-2024-10400 | High | 7.5 | 2024-11-21 | The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insuffic… |
CVE-2024-4902 | High | 7.2 | 2024-06-07 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versio… |
CVE-2026-6080 | Medium | 6.5 | 2026-04-17 | The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' par… |
CVE-2025-13679 | Medium | 6.5 | 2026-01-08 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the… |
CVE-2024-4279 | Medium | 6.5 | 2024-05-16 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in ver… |
CVE-2024-3553 | Medium | 6.5 | 2024-05-02 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check… |
CVE-2023-49829 | Medium | 5.9 | 2023-12-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution… |
CVE-2026-3358 | Medium | 5.4 | 2026-04-11 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and in… |
CVE-2026-0548 | Medium | 5.4 | 2026-01-20 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check o… |
CVE-2024-3994 | Medium | 5.4 | 2024-04-25 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list'… |
CVE-2024-1502 | Medium | 5.4 | 2024-03-12 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the t… |
CVE-2024-1128 | Medium | 5.4 | 2024-02-20 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is… |
CVE-2026-6965 | Medium | 5.3 | 2026-05-13 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9… |
CVE-2026-5502 | Medium | 5.3 | 2026-04-17 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and inclu… |