Unauthenticated Access Control Flaw in Tutor LMS by Tutor Team
CVE-2026-40743

6.5MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
15 June 2026

What is CVE-2026-40743?

An unauthenticated broken access control vulnerability exists in Tutor LMS versions 3.9.7 and earlier. This flaw allows unauthorized users to gain access to sensitive functions and data, potentially leading to exploitation of the system. Administrators using affected versions are encouraged to update promptly to secure their applications.

Affected Version(s)

Tutor LMS <= 3.9.7

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lagi bljr | Patchstack Bug Bounty Program
.