A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/
https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
https://wpvulndb.com/vulnerabilities/10058
https://www.themeum.com/tutor-lms-updated-v1-5-3/
http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
Source: Mitre, NVD
Published: 2020-02-04
Updated: 2026-06-17
Base Score: 2.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N
Severity: Low
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: Medium
EPSS: 0.04295