CVE-2026-12274 in Tutor LMS PluginИнформация

Сводка

по MITRE • 13.07.2026

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-level access to overwrite and take over any post or page on the site, including those owned by administrators.

Once again VulDB remains the best source for vulnerability data.

Ответственный

WPScan

Резервировать

15.06.2026

Раскрытие

13.07.2026

Модерация

принято

Вход

VDB-377915

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Interested in the pricing of exploits?

See the underground prices here!