CVE-2026-25406 - Vulnerability Details - OpenCVE

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Vendors	Products
Themeum Subscribe	Tutor Lms Subscribe
Wordpress Subscribe	Wordpress Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Themeum Subscribe	Tutor Lms Subscribe
Wordpress Subscribe	Wordpress Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/tutor-pro/vulnerability/wordpress-tutor-lms-pro-plugin-3-9-4-broken-authentication-vulnerability?_s_id=cve

History

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Themeum Themeum tutor Lms Wordpress Wordpress wordpress
Vendors & Products		Themeum Themeum tutor Lms Wordpress Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.
Title		WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability
Weaknesses		CWE-288
References		https://patchstack.com/database/Wordpress/Plugin/tutor-pro/vulnerability/wordpress-tutor-lms-pro-plugin-3-9-4-broken-authentication-vulnerability?_s_id=cve

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2026-03-25T16:14:48.521Z

Updated: 2026-03-26T15:55:22.988Z

Reserved: 2026-02-02T12:53:19.001Z

Link: CVE-2026-25406

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-25T17:16:49.890

Modified: 2026-03-25T17:16:49.890

Link: CVE-2026-25406

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:38:30Z

Weaknesses

CWE-288

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25406", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:19.001Z", "datePublished": "2026-03-25T16:14:48.521Z", "dateUpdated": "2026-03-26T15:55:22.988Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "tutor-pro", "product": "Tutor LMS Pro", "vendor": "Themeum", "versions": [{"lessThanOrEqual": "<= 3.9.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:27.655Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.<p>This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "Authentication Abuse"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:48.521Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/tutor-pro/vulnerability/wordpress-tutor-lms-pro-plugin-3-9-4-broken-authentication-vulnerability?_s_id=cve"}], "title": "WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T15:55:18.724746Z", "id": "CVE-2026-25406", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:55:22.988Z"}}]}}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.9.4]"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "Tutor LMS Pro", "source": "cna", "vendor": "Themeum"}, "product": "tutor_lms", "vendor": "themeum"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T17:54:32.341704+00:00", "value": {"mitigation_remediation": ["Apply the latest Tutor LMS Pro update (3.9.5 or newer) released by Themeum.", "If an update is not yet available, temporarily disable the Tutor LMS Pro plugin or restrict its access to trusted administrators.", "Verify that authentication is enforced by attempting to log in via the alternate path after patch or mitigation.", "Monitor server logs for suspicious authentication attempts."], "summary": {"action": "Patch Immediately", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The issue affects the WordPress Tutor LMS Pro plugin from the earliest release through version 3.9.4, provided by Themeum. Any WordPress site running these versions of the plugin is susceptible.", "description_and_impact": "The vulnerability enables authentication bypass by exploiting an alternate path, allowing attackers to gain unauthorized access and perform privileged actions without valid credentials. This flaw follows CWE\u2011288: Broken Authentication and can compromise the confidentiality and integrity of the system.", "risk_and_exploitability": "The CVSS score is not provided, and there is no EPSS data, but the vulnerability is not currently listed in the CISA KEV catalog. Attackers would likely exploit the flaw via standard HTTP requests to the plugin\u2019s alternate authentication endpoints, as the description indicates an authentication abuse scenario. Because the flaw permits bypass without needing additional credentials, the risk to affected sites is high, especially if the plugin grants administrative privileges."}}}}, "created": "2026-03-25T21:44:34.672585+00:00", "updated": "2026-03-26T11:38:30.076623+00:00", "vendors": ["themeum", "themeum$PRODUCT$tutor_lms", "wordpress", "wordpress$PRODUCT$wordpress"]}