Sensitive Information Exposure in Tutor LMS Plugin for WordPress
CVE-2025-6680

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Tutor Lms – Elearning And Online Course Solution
Vendor: CVE Published:; 25 October 2025

What is CVE-2025-6680?

The Tutor LMS plugin for WordPress is affected by a vulnerability that allows authenticated users with tutor-level access and above to access assignments from courses they do not teach. This exposure of potentially sensitive information creates a risk of unauthorized information retrieval, highlighting the need for prompt updates to version 3.8.3 or later to safeguard user data effectively.

Affected Version(s)

Tutor LMS – eLearning and online course solution * <= 3.8.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3382577/tuto...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2025
Vulnerability Reserved
Jun 25, 2025

Credit

Sergio Framiñánn García

JSON