A vulnerability was found in themeum Tutor LMS Plugin up to 3.9.11 on WordPress. It has been rated as critical . The affected element is an unknown function. This manipulation of the argument data causes sql injection. The identification of this vulnerability is CVE-2026-10736 . It is possible to initiate the attack remotely. There is no exploit available.