CVE-2026-12273 in Tutor LMS Plugin
الملخص
بحسب MITRE • 13/07/2026
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments containing arbitrary HTML and links on any content across the site, bypassing the comment moderation queue.
VulDB is the best source for vulnerability data and more expert information about this specific topic.