Access Control Vulnerability in Themeum Tutor LMS
CVE-2026-40740

Currently unrated

Key Information:

Vendor: WordPress
Status: Tutor Lms
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-40740?

A significant vulnerability exists in Themeum's Tutor LMS that arises from incorrect configuration of access control security levels. This issue allows unauthorized users to exploit the system, potentially gaining access to sensitive features meant for authenticated users. The vulnerability affects Tutor LMS versions up to and including 3.9.7, necessitating immediate action for users to safeguard their platforms against unauthorized access.

Affected Version(s)

Tutor LMS 0 <= 3.9.7

References

https://patchstack.com/database/Wordpress/Plugin/tutor/vu...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

3diklab | Patchstack Bug Bounty Program

CVE-2026-40740 Data

JSON

WordPress

What is CVE-2026-40740?

Affected Version(s)

References

Timeline

Credit