A vulnerability categorized as critical has been discovered in WPScan Tutor LMS Plugin up to 3.9.12 on WordPress. Impacted is an unknown function of the component Droip/Kirki page-builder integration. The manipulation results in improper authentication.

This vulnerability is known as CVE-2026-12275. It is possible to launch the attack remotely. No exploit is available.