CVE-2025-13673

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.7

Description The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized, allowing unauthenticated attackers to inject malicious SQL queries. This could enable unauthorized access to sensitive database information.

Recommendations Update Tutor LMS to version 3.9.7 or later.