Authorization Bypass Vulnerability in Themeum Tutor LMS
CVE-2025-32223

6.5 MEDIUM

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 19 March 2026

What is CVE-2025-32223?

Themeum Tutor LMS is susceptible to an authorization bypass vulnerability that arises from user-controlled security configurations. The flaw allows malicious actors to exploit incorrectly set access controls, potentially granting them unauthorized access to restricted areas of the LMS. It is critical for users to review their configurations and apply the necessary security measures to mitigate this risk.

Affected Version(s)

Tutor LMS 0 <= 3.9.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program