CVE-2026-12273 in Tutor LMS Pluginالمعلومات

الملخص

بحسب MITRE • 13/07/2026

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments containing arbitrary HTML and links on any content across the site, bypassing the comment moderation queue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

WPScan

حجز

15/06/2026

إفشاء

13/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377914

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!