A vulnerability was found in Tutor LMS Plugin up to 3.9.12 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Quiz Attempt Management. The manipulation leads to authorization bypass.

This vulnerability is traded as CVE-2026-12271. It is possible to initiate the attack remotely. There is no exploit available.