CVE-2025-6680
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-25
Last updated on: 2025-12-05
Assigner: Wordfence
Description
Description
The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeum | tutor_lms | to 3.9.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Tutor LMS WordPress plugin allows authenticated users with tutor-level access or higher to view assignments for courses they do not teach. These assignments may contain sensitive information, leading to unauthorized exposure of such data.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information contained in course assignments. This could result in privacy breaches, loss of trust, and potential misuse of exposed data by unauthorized tutors or users with elevated access.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70