Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title_CVE-2026-13443
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible fo...