CVE-2025-13934
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | tutor_lms | up to 3.9.3 (inclusive) |
| unknown_vendor | tutor_lms | 3.9.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Tutor LMS WordPress plugin allows authenticated users with subscriber-level access or higher to enroll themselves in any course without paying. This happens because the plugin's AJAX handler for course enrollment lacks proper capability checks and validation to confirm if the user has purchased the course. As a result, users can bypass the purchase process and gain unauthorized access to paid courses. [2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthorized users to access paid courses without payment, potentially leading to revenue loss. It undermines the intended access controls of the eLearning platform, allowing users to bypass purchase requirements and enroll in courses freely, which can affect the business model and content protection. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring AJAX requests to the `course_enrollment()` handler in the Tutor LMS plugin. Look for unauthorized enrollment attempts where subscriber-level users enroll in courses without purchase validation. Specifically, inspect network traffic or server logs for AJAX calls attempting course enrollment without proper purchase checks. Commands to assist detection might include using tools like curl or wget to simulate enrollment requests, or using network monitoring tools (e.g., tcpdump, Wireshark) to capture suspicious AJAX POST requests to the enrollment endpoint. However, no specific commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Tutor LMS plugin to version 3.9.4 or later, where the vulnerability is fixed. The fix includes adding a verification step in the AJAX enrollment handler to check if the course is purchasable and whether the user is already enrolled, preventing unauthorized enrollment without purchase. Until the update is applied, consider restricting AJAX access to the enrollment handler or limiting subscriber-level user permissions as a temporary measure. [2]
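The CWE-862 pattern described above (an AJAX handler that performs a privileged action without checking whether the caller is entitled to it) and the shape of the fix (verify purchasability and existing enrollment before enrolling) can be illustrated with a generic WordPress handler. The code below is an added example written for this page; it is not Tutor LMS code, and every function, hook, meta key and action name prefixed `example_` is a hypothetical placeholder, not an identifier from the plugin.

```php
<?php
// Added illustration of the missing-authorization pattern and its hardened
// form in a WordPress AJAX handler. All example_* names are hypothetical;
// the WordPress core functions (check_ajax_referer, get_post_meta, ...) are real.

// Hypothetical storage helpers: enrollments and purchases kept in user meta.
function example_is_enrolled( $user_id, $course_id ) {
    $enrolled = (array) get_user_meta( $user_id, '_example_enrolled_courses', true );
    return in_array( $course_id, array_map( 'intval', $enrolled ), true );
}

function example_user_has_purchased( $user_id, $course_id ) {
    $purchased = (array) get_user_meta( $user_id, '_example_purchased_courses', true );
    return in_array( $course_id, array_map( 'intval', $purchased ), true );
}

function example_do_enroll( $user_id, $course_id ) {
    $enrolled   = (array) get_user_meta( $user_id, '_example_enrolled_courses', true );
    $enrolled[] = $course_id;
    update_user_meta( $user_id, '_example_enrolled_courses', array_values( array_unique( $enrolled ) ) );
}

// Vulnerable shape (shown for comparison, deliberately NOT registered on a hook):
// any logged-in user who can reach admin-ajax.php enrolls in any course, paid or
// not, because nothing checks entitlement before the state change.
function example_enroll_vulnerable() {
    $course_id = isset( $_POST['course_id'] ) ? absint( $_POST['course_id'] ) : 0;
    example_do_enroll( get_current_user_id(), $course_id ); // no nonce, no purchase check
    wp_send_json_success();
}

// Hardened shape: CSRF check, input validation, authorization against the
// purchase record, and an idempotency check, all before the state change.
function example_enroll_hardened() {
    // 1. CSRF: the request must carry a nonce issued to this user for this action.
    check_ajax_referer( 'example_enroll_nonce', 'nonce' );

    // 2. Authentication and input validation.
    $user_id   = get_current_user_id();
    $course_id = isset( $_POST['course_id'] ) ? absint( $_POST['course_id'] ) : 0;
    if ( ! $user_id || ! $course_id || 'example_course' !== get_post_type( $course_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
    }

    // 3. Authorization: a course with a price requires a completed purchase by
    //    this user; only a free course may be self-enrolled without one.
    $price = (float) get_post_meta( $course_id, '_example_course_price', true );
    if ( $price > 0 && ! example_user_has_purchased( $user_id, $course_id ) ) {
        wp_send_json_error( array( 'message' => 'Purchase required.' ), 403 );
    }

    // 4. Idempotency: do not create a duplicate enrollment.
    if ( example_is_enrolled( $user_id, $course_id ) ) {
        wp_send_json_error( array( 'message' => 'Already enrolled.' ), 409 );
    }

    example_do_enroll( $user_id, $course_id );
    wp_send_json_success( array( 'course_id' => $course_id ) );
}

// wp_ajax_* hooks only fire for authenticated users; this still leaves every
// subscriber able to reach the handler, which is why the checks above live
// inside it rather than relying on "logged in" as the authorization boundary.
add_action( 'wp_ajax_example_enroll', 'example_enroll_hardened' );
```

The essential point is ordering: the purchase check and the duplicate-enrollment check run before `example_do_enroll()` ever executes, so a subscriber-level caller who can reach the endpoint cannot turn that reachability into a free enrollment. The nonce protects against cross-site requests but is not an authorization control on its own; a valid nonce from a subscriber session would still pass without step 3.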