CVE-2026-12274
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Description
The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-level access to overwrite and take over any post or page on the site, including those owned by administrators.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
Tutor LMS
Discussion (0)
Add Comment
No comments yet. Be the first!