Unrated severityNVD Advisory· Published Oct 25, 2025· Updated Apr 8, 2026

Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure

CVE-2025-6680

Description

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.

Affected products

Tutor LMS/Tutor LMS Prollm-fuzzy
Range: <=3.8.3
themeum/Tutor LMS – eLearning and online course solutionv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3382577/tutor/trunk/templates/dashboard/assignments/review.phpmitre
www.wordfence.com/threat-intel/vulnerabilities/id/1b8d88e4-a9dc-4740-b836-99f730beefcbmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000