A vulnerability described as problematic has been identified in Tutor LMS Plugin up to 3.9.12 on WordPress. This impacts an unknown function of the component Content Builder. Executing a manipulation can lead to authorization bypass.

The identification of this vulnerability is CVE-2026-12274. The attack may be launched remotely. There is no exploit available.