cleantalk
Vulnerabilities and Security Researches

Tutor LMS – eLearning and online course solution, CVE-2025-6680

CVE, Research URL

CVE-2025-6680

Home page URL

Security reports for Tutor LMS – eLearning and online course solution

Application

Tutor LMS – eLearning and online course solution

Published on
Oct 25, 2025
Research Description
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.
Affected versions
max 3.9.0.
Status
vulnerable
Previous vulnerability researches
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Maps for WP (CVE-2025-32179) , Apr 06, 2025
Maps for WP (CVE-2024-13648) , Feb 22, 2025
New vulnerability
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2025-59570) , Apr 25, 2026
xili-language (CVE-2025-58654) , Apr 25, 2026
Ultimate WP Mail (CVE-2025-53454) , Apr 25, 2026
WPGraphQL Smart Cache (67bffa5233e71f0f6e6f08ff3569e436ffd493ff) , Apr 25, 2026
BSK PDF Manager (CVE-2025-4970) , Apr 25, 2026