NVD脆弱性詳細

CVE-2026-6965

概要	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by()` function unconditionally trusting the user-supplied `course` GET parameter as the authoritative course ID for content ownership lookups, which is then consumed by `can_user_manage()`, the plugin's sole authorization gate for instructor-level operations, causing it to evaluate instructor membership against the attacker-controlled course rather than the course that actually owns the target content object. This makes it possible for authenticated attackers, with instructor-level access and above, to perform unauthorized operations on any other instructor's course content, including permanently deleting lessons, assignments, quizzes (with cascading deletion of all student attempt data), topics, announcements, and Q&A threads, as well as creating or modifying lessons, topics, and announcements in victim courses, manipulating student quiz grades, and reading unpublished lesson and quiz content.
公表日	2026年5月13日15:16
登録日	2026年5月15日4:19
最終更新日	2026年5月13日23:43

CVSS3.1 : MEDIUM
スコア	5.3
ベクター	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし

関連情報、対策とツール

No	URL	refsource
1	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Ajax.php#L294	security@wordfence.com
2	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Ajax.php#L507	security@wordfence.com
3	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Ajax.php#L586	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Announcements.php#L105	security@wordfence.com
5	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L1997	security@wordfence.com
6	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L2045	security@wordfence.com
7	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Lesson.php#L186	security@wordfence.com
8	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Lesson.php#L243	security@wordfence.com
9	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Lesson.php#L341	security@wordfence.com
10	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Q_And_A.php#L219	security@wordfence.com
11	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Q_And_A.php#L297	security@wordfence.com
12	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Q_And_A.php#L339	security@wordfence.com
13	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Quiz.php#L1007	security@wordfence.com
14	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Quiz.php#L1041	security@wordfence.com
15	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Quiz.php#L888	security@wordfence.com
16	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Utils.php#L7829	security@wordfence.com
17	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Utils.php#L8020	security@wordfence.com
18	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Ajax.php#L294	security@wordfence.com
19	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Ajax.php#L507	security@wordfence.com
20	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Ajax.php#L586	security@wordfence.com
21	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Announcements.php#L105	security@wordfence.com
22	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Course.php#L1997	security@wordfence.com
23	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Course.php#L2045	security@wordfence.com
24	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Lesson.php#L186	security@wordfence.com
25	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Lesson.php#L243	security@wordfence.com
26	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Lesson.php#L341	security@wordfence.com
27	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Q_And_A.php#L219	security@wordfence.com
28	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Q_And_A.php#L297	security@wordfence.com
29	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Q_And_A.php#L339	security@wordfence.com
30	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Quiz.php#L1007	security@wordfence.com
31	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Quiz.php#L1041	security@wordfence.com
32	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Quiz.php#L888	security@wordfence.com
33	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Utils.php#L7829	security@wordfence.com
34	https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Utils.php#L8020	security@wordfence.com
35	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Ajax.php#L294	security@wordfence.com
36	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Ajax.php#L507	security@wordfence.com
37	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Ajax.php#L586	security@wordfence.com
38	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Announcements.php#L105	security@wordfence.com
39	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1997	security@wordfence.com
40	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L2045	security@wordfence.com
41	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Lesson.php#L186	security@wordfence.com
42	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Lesson.php#L243	security@wordfence.com
43	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Lesson.php#L341	security@wordfence.com
44	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Q_And_A.php#L219	security@wordfence.com
45	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Q_And_A.php#L297	security@wordfence.com
46	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Q_And_A.php#L339	security@wordfence.com
47	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Quiz.php#L1007	security@wordfence.com
48	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Quiz.php#L1041	security@wordfence.com
49	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Quiz.php#L888	security@wordfence.com
50	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Utils.php#L7829	security@wordfence.com
51	https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Utils.php#L8020	security@wordfence.com
52	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3518400%40tutor&new=3518400%40tutor&sfp_email=&sfph_mail=	security@wordfence.com
53	https://www.wordfence.com/threat-intel/vulnerabilities/id/55924ea3-373c-4297-a958-5670def1f6c0?source=cve	security@wordfence.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html