A vulnerability classified as critical has been found in the themeum Tutor LMS Plugin up to 3.9.9 on WordPress. The issue affects the function get_course_id_by. Manipulating the argument course leads to an authorization bypass. The vulnerability is tracked as CVE-2026-6965. The attack can be carried out remotely. No exploit is available.