{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T05:52:32.047","vulnerabilities":[{"cve":{"id":"CVE-2026-0953","sourceIdentifier":"security@wordfence.com","published":"2026-03-10T17:31:40.537","lastModified":"2026-03-11T13:53:47.157","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token from their own account along with the victim's email address."},{"lang":"es","value":"El plugin Tutor LMS Pro para WordPress es vulnerable a una omisión de autenticación en todas las versiones hasta la 3.9.5, inclusive, a través del complemento Social Login. Esto se debe a que el plugin no verifica que el correo electrónico proporcionado en la solicitud de autenticación coincida con el correo electrónico del token OAuth validado. Esto hace posible que atacantes no autenticados inicien sesión como cualquier usuario existente, incluidos los administradores, al proporcionar un token OAuth válido de su propia cuenta junto con la dirección de correo electrónico de la víctima."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://tutorlms.com/releases/id/393/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/92a120ac-66ae-4678-a87a-e62da885d50b?source=cve","source":"security@wordfence.com"}]}}]}