CVE-2026-6965 | themeum Tutor LMS Plugin up to 3.9.9 on WordPress get_course_id_by course authorization

A vulnerability has been found in themeum Tutor LMS Plugin up to 3.9.9 on WordPress and classified as critical. Affected by this issue is the function get_course_id_by. The manipulation of the argument course leads to authorization bypass.

This vulnerability is referenced as CVE-2026-6965. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More