CVE-2026-40740 — Missing Authorization in Tutor LMS

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.4MEDIUMCNA

No vector

EPSS

0.0%

top 95.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Themeum Tutor LMS

Timeline

PublishedApr 15

Description

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

Affected Packages1 packages

▶CVEListV5themeum/tutor_lms3.9.7

🔴Vulnerability Details

CVEList

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability↗2026-04-15

▶

VulDB

Themeum Tutor LMS Plugin up to 3.9.7 on WordPress authorization↗2026-04-15

▶