A critical authentication bypass vulnerability in Tutor LMS Pro puts over 30,000 WordPress sites at risk of account takeover — including admin accounts — if an attacker knows the target's email address. Update to version 3.9.6 immediately.

Read more: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin

#WordPress #WordPressSecurity #Wordfence