Unauthorized Quiz Manipulation in Tutor LMS Plugin by Tutor Pro Inc.
CVE-2026-12271
Currently unrated
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-12271?
The Tutor LMS WordPress plugin prior to version 3.9.13 contains an access control flaw that allows authenticated users with subscriber-level permissions or higher to manipulate quiz attempts. This vulnerability enables these users to overwrite quiz marks and force-complete the assessment for other students, thereby compromising the integrity of the quiz results.
Affected Version(s)
Tutor LMS 0 < 3.9.13
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.