Authorization Bypass Vulnerability in Themeum's Tutor LMS Plugin
CVE-2025-47555

3.8LOW

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
22 January 2026

What is CVE-2025-47555?

The Themeum Tutor LMS plugin is susceptible to an authorization bypass vulnerability due to incorrectly configured access control security levels. This issue enables unauthorized users to gain access to restricted functionalities and sensitive information. The vulnerability impacts versions from n/a to 3.9.4, highlighting the importance of applying timely security updates and conducting thorough access control assessments to mitigate potential risks.

Affected Version(s)

Tutor LMS 0 <= 3.9.4

References

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Supakiad S. (m3ez) | Patchstack Bug Bounty Program
.