This vulnerability in Themeum Tutor LMS arises from missing authorization checks, enabling users with limited privileges to perform unauthorized actions due to incorrect access control configurations. It affects all versions up to 3.9.5. The CVSS score of 6.5 indicates a medium severity with network attack vector, low attack complexity, requiring privileges, no user interaction, and impacting integrity only. No patch or vendor advisory is currently available to confirm remediation status.

The vulnerability allows attackers with low privileges to modify data without proper authorization, impacting the integrity of the Tutor LMS system. There is no impact on confidentiality or availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user privileges carefully and monitor for unusual modification activities related to Tutor LMS. Avoid granting unnecessary privileges to reduce risk.