CVE-2026-0953 — AI Deep Analysis Summary

🚨 **Essence**: Tutor LMS Pro has a critical **Authorization Flaw**. 📉 **Consequences**: Attackers can bypass authentication and impersonate **any existing user**.…

🛡️ **Root Cause**: **CWE-287** (Improper Authentication). The plugin fails to verify if the **email** in the request matches the **email** in the validated OAuth token. 🚫 Logic gap in identity validation.

📦 **Affected**: **Tutor LMS Pro** by **Themeum**. 📅 **Version**: 3.9.5 and **earlier** versions. ⚠️ If you are running < 3.9.6, you are vulnerable.

💀 **Attacker Capabilities**: Login as **ANY** user. 📊 **Impact**: High Confidentiality, Integrity, and Availability loss. Hackers can access private course data, modify user profiles, and disrupt learning environments.

📉 **Threshold**: **LOW**. 🚀 **CVSS**: 9.8 (Critical). No authentication (PR:N), no user interaction (UI:N), network accessible (AV:N). It is an **easy win** for automated bots.

🔍 **Public Exp?**: No specific PoC code provided in data. 🌐 **Status**: High risk of wild exploitation due to low barrier. WordFence has issued a threat intel alert, signaling active monitoring.

🔎 **Self-Check**: Scan for **Tutor LMS Pro** plugin. ✅ **Verify Version**: Ensure it is **not** 3.9.5 or older. 🛠️ Check OAuth token handling logic if custom development is involved.

🔧 **Fix**: Update to the latest version immediately. 📢 **Reference**: Themeum released a fix (see tutorlms.com/releases/id/393/). 🔄 **Action**: Upgrade past 3.9.5 to patch the email mismatch flaw.

🚧 **No Patch?**: Disable the plugin temporarily. 🚫 **Block**: Restrict access to OAuth endpoints via WAF. 👮 **Monitor**: Alert on unusual login patterns or email mismatches in logs.

🔥 **Urgency**: **CRITICAL**. ⏳ **Priority**: Patch **IMMEDIATELY**. CVSS 9.8 means this is a top-tier emergency. Do not wait. Protect user data and site integrity now.