๐Ÿ” CVE Alert

CVE-2026-12271

MEDIUM 5.4

Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Quiz Attempt Modification via IDOR

CVSS Score
5.4
EPSS Score
0.1%
EPSS Percentile
3th

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail result.

Vendor unknown
Product tutor lms
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for unknown tutor lms

Be the first to know when new medium vulnerabilities affecting unknown tutor lms are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Tutor LMS
0 < 3.9.13

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/ca99ea35-4bf8-4dc8-a817-79fb9fa1c5bd/

Credits

Muni Nitish Kumar Yaddala WPScan