PT-2026-1728 · WordPress · Tutor Lms
Supakiad S
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-13935
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Tutor LMS versions prior to 3.9.3
Description
The Tutor LMS plugin for WordPress is susceptible to unauthorized course completion. This occurs because of a lack of enrollment verification within the
mark course complete function. Authenticated attackers with subscriber-level access or higher can mark any course as completed.Recommendations
Update Tutor LMS to version 3.9.3 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tutor Lms