PT-2025-43712 · WordPress · Tutor Lms
Published
2025-10-25
·
Updated
2025-10-25
·
CVE-2025-6680
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tutor LMS versions prior to 3.8.4
Description
The Tutor LMS plugin for WordPress is affected by a sensitive information exposure issue. Authenticated attackers with tutor-level access or higher can view assignments from courses they are not teaching, potentially exposing sensitive information contained within those assignments.
Recommendations
Update Tutor LMS to version 3.8.4 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tutor Lms