PT-2026-57634 · WordPress · Tutor Lms

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-12271

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Tutor LMS WordPress plugin versions prior to 3.9.13
Description The plugin fails to verify ownership of a targeted quiz attempt before writing data to it. This allows authenticated users with subscriber-level access or higher to modify and force-complete quiz attempts belonging to other students, which results in the overwriting of recorded marks and pass/fail results.
Recommendations Update Tutor LMS WordPress plugin to version 3.9.13 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-12271

Affected Products

Tutor Lms