Access Control Vulnerability in Themeum Tutor LMS
CVE-2026-40740

5.4MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
15 April 2026

What is CVE-2026-40740?

A significant vulnerability exists in Themeum's Tutor LMS that arises from incorrect configuration of access control security levels. This issue allows unauthorized users to exploit the system, potentially gaining access to sensitive features meant for authenticated users. The vulnerability affects Tutor LMS versions up to and including 3.9.7, necessitating immediate action for users to safeguard their platforms against unauthorized access.

Affected Version(s)

Tutor LMS 0 <= 3.9.7

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

3diklab | Patchstack Bug Bounty Program
.