CVE-2025-13935 | Tutor LMS Plugin up to 3.9.3 on WordPress mark_course_complete authorization

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability described as critical has been identified in Tutor LMS Plugin up to 3.9.3 on WordPress. This issue affects the function mark_course_complete. The manipulation results in missing authorization.

This vulnerability is reported as CVE-2025-13935. The attack can be launched remotely. No exploit exists.

CVE-2025-13935 | Tutor LMS Plugin up to 3.9.3 on WordPress mark_course_complete authorization

Post correlati

CVE-2024-51954 | ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 on Windows access control

CVE-2024-5119 | SourceCodester Event Registration System 1.0 Master.php last_id/event_id sql injection

CVE-2024-1417 | WatchGuard AuthPoint Password Manager up to 1.0.5 on macOS command injection (wgsa-2024-0000)

CVE-2025-64751 | OpenFGA up to 1.11.0 ListObject Call improper authorization