Back to CVE List

CVE-2026-12274

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Vulnerability Description

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-level access to overwrite and take over any post or page on the site, including those owned by administrators.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
Tutor LMS

External References

Discussion (0)

Add Comment

No comments yet. Be the first!