CVE-2025-32223

{"id": "CVE-2025-32223", "cveTags": [], "metrics": {}, "published": "2026-03-19T09:16:15.477", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/tutor/vulnerability/wordpress-tutor-lms-plugin-3-9-4-insecure-direct-object-references-idor-vulnerability-2?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Themeum Tutor LMS permite explotar niveles de seguridad de control de acceso incorrectamente configurados. Este problema afecta a Tutor LMS: desde n/a hasta 3.9.4."}], "lastModified": "2026-04-01T17:22:10.437", "sourceIdentifier": "audit@patchstack.com"}