Nixpkgs Security Tracker

Permalink CVE-2025-32223

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 days, 19 hours ago

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 3.9.4.

References

https://patchstack.com/database/wordpress/plugin/tutor/vulnerability/wordpress-… vdb-entry

Affected products

tutor

=<3.9.4

Matching in nixpkgs

pkgs.typstPackages.tutor

Utilities to create exams

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.8.0
- nixos-25.11-small 0.8.0
- nixpkgs-25.11-darwin 0.8.0

pkgs.typstPackages.tutor_0_3_0

Utilities to create exams

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.typstPackages.tutor_0_4_0

Utilities to create exams

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0
nixos-25.11 0.4.0
- nixos-25.11-small 0.4.0
- nixpkgs-25.11-darwin 0.4.0

pkgs.typstPackages.tutor_0_6_1

Utilities to create exams

nixos-unstable 0.6.1
- nixpkgs-unstable 0.6.1
- nixos-unstable-small 0.6.1
nixos-25.11 0.6.1
- nixos-25.11-small 0.6.1
- nixpkgs-25.11-darwin 0.6.1

pkgs.typstPackages.tutor_0_7_0

Utilities to create exams

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.11 0.7.0
- nixos-25.11-small 0.7.0
- nixpkgs-25.11-darwin 0.7.0

pkgs.typstPackages.tutor_0_8_0

Utilities to create exams

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.8.0
- nixos-25.11-small 0.8.0
- nixpkgs-25.11-darwin 0.8.0

pkgs.haskellPackages.egison-tutorial

A tutorial program for the Egison programming language

nixos-unstable 4.1.3
- nixpkgs-unstable 4.1.3
- nixos-unstable-small 4.1.3

pkgs.perlPackages.TaskCatalystTutorial

Everything you need to follow the Catalyst Tutorial

nixos-unstable 0.06
- nixpkgs-unstable 0.06
- nixos-unstable-small 0.06
nixos-25.11 0.06
- nixos-25.11-small 0.06
- nixpkgs-25.11-darwin 0.06

pkgs.haskellPackages.timeless-tutorials

Initial project template from stack

nixos-unstable 1.0.0.0
- nixpkgs-unstable 1.0.0.0
- nixos-unstable-small 1.0.0.0
nixos-25.11 1.0.0.0
- nixos-25.11-small 1.0.0.0
- nixpkgs-25.11-darwin 1.0.0.0

pkgs.perl5Packages.TaskCatalystTutorial

Everything you need to follow the Catalyst Tutorial

nixos-unstable 0.06
- nixpkgs-unstable 0.06
- nixos-unstable-small 0.06

pkgs.perl538Packages.TaskCatalystTutorial

Everything you need to follow the Catalyst Tutorial

nixos-25.11 0.06
- nixos-25.11-small 0.06
- nixpkgs-25.11-darwin 0.06

pkgs.perl540Packages.TaskCatalystTutorial

Everything you need to follow the Catalyst Tutorial

nixos-25.11 0.06
- nixos-25.11-small 0.06
- nixpkgs-25.11-darwin 0.06

Package maintainers

@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth

Permalink CVE-2025-47555

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 month, 3 weeks ago

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.