CVE-2025-6680

Published: Oct 25, 2025Modified: Dec 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.

Affected (1)

Products: Themeum: Tutor Lms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themeum Tutor Lms	Before 3.9.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://plugins.trac.wordpress.org/changeset/3382577/tutor/trunk/templates/dashboard/assignments/review.php?old=3249440&old_path=tutor%2Ftrunk%2Ftemplates%2Fdashboard%2Fassignments%2Freview.php

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8d88e4-a9dc-4740-b836-99f730beefcb?source=cve

Source: security@wordfence.com

ProductThird Party Advisory

Timeline

No history available yet.