PT-2026-57634 · WordPress · Tutor Lms
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-12271
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Tutor LMS WordPress plugin versions prior to 3.9.13
Description
The plugin fails to verify ownership of a targeted quiz attempt before writing data to it. This allows authenticated users with subscriber-level access or higher to modify and force-complete quiz attempts belonging to other students, which results in the overwriting of recorded marks and pass/fail results.
Recommendations
Update Tutor LMS WordPress plugin to version 3.9.13 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tutor Lms