Does Tutor LMS – Migration Tool have any unpatched vulnerabilities?

No. All known vulnerabilities in Tutor LMS – Migration Tool have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tutor LMS – Migration Tool compatible with WordPress 6.8.5?

According to WordPress.org data, Tutor LMS – Migration Tool 2.4.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Tutor LMS – Migration Tool compatible with PHP 7.4+?

Tutor LMS – Migration Tool requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tutor LMS – Migration Tool updated?

Tutor LMS – Migration Tool was last updated on Nov 11, 2025. Frequent updates are generally a positive security signal.

What is Tutor LMS – Migration Tool's security score?

Tutor LMS – Migration Tool has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tutor LMS – Migration Tool Security & Risk Analysis

wordpress.org/plugins/tutor-lms-migration-tool

Move all your course, quiz, order data information and everything else from your LMS to the better Tutor LMS by simply clicking a button.

1K active installs v2.4.1 PHP 7.4+ WP 5.3+ Updated Nov 11, 2025

courseeducationelearninglmsmigration

A · Safe

CVEs total2

Unpatched0

Last CVEJul 26, 2024

Plugin page Download

Safety Verdict

Is Tutor LMS – Migration Tool Safe to Use in 2026?

Generally Safe

Score 99/100

Tutor LMS – Migration Tool has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 26, 2024Updated 4mo ago

Risk Assessment

The "tutor-lms-migration-tool" v2.4.1 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin shows good practices in SQL query preparation and output escaping, the sheer volume of entry points (19) that lack authorization checks creates a substantial attack surface. This, coupled with a complete absence of nonce checks on these AJAX handlers, means that any authenticated user could potentially trigger these actions, leading to unintended consequences or privilege escalation if not properly secured within the handler logic itself.

The vulnerability history reveals a pattern of medium-severity issues, primarily related to missing authorization. The fact that there are no currently unpatched CVEs is positive, but the recurring nature of authorization flaws suggests a systemic weakness in how user permissions are validated. The absence of any critical or high-severity taint flows is a mitigating factor, indicating that currently identified data flow issues are not leading to severe code execution or data exfiltration scenarios. However, the static analysis shows potential for issues like file operations that, if exploited in conjunction with authorization bypasses, could pose risks.

In conclusion, while the plugin has strengths in its SQL and output sanitization, the unprotected AJAX handlers and past authorization vulnerabilities represent significant risks. The lack of nonce checks on these numerous entry points is a critical oversight. Future development should prioritize implementing robust authorization and nonce validation across all AJAX endpoints to mitigate these identified weaknesses. The plugin's history of medium severity authorization issues warrants careful attention and proactive security measures.

Key Concerns

19 unprotected AJAX handlers
0 nonce checks on AJAX handlers
2 medium severity CVEs
2 capability checks only

Vulnerabilities

Tutor LMS – Migration Tool Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2024-1798medium · 5.3Missing Authorization

Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml

Jul 26, 2024 Patched in 2.2.1 (363d)

CVE-2024-1804medium · 4.3Missing Authorization

Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml

Jul 26, 2024 Patched in 2.2.1 (364d)

Code Analysis

Analyzed Mar 16, 2026

Tutor LMS – Migration Tool Code Analysis

Dangerous Functions

Raw SQL Queries

98 prepared

Unescaped Output

74 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

82% prepared120 total queries

Output Escaping

81% escaped91 total outputs

Attack Surface

19 unprotected

Tutor LMS – Migration Tool Attack Surface

Entry Points19

Unprotected19

AJAX Handlers 19

authwp_ajax_tutor_import_from_ldclasses\LDtoTutorExport.php:12

authwp_ajax_insert_tutor_migration_dataclasses\LDtoTutorMigration.php:25

authwp_ajax_ld_migrate_all_data_to_tutorclasses\LDtoTutorMigration.php:26

authwp_ajax_ld_reset_migrated_items_countclasses\LDtoTutorMigration.php:27

authwp_ajax__get_ld_live_progress_course_migrating_infoclasses\LDtoTutorMigration.php:28

authwp_ajax_insert_tutor_migration_dataclasses\LIFtoTutorMigration.php:17

authwp_ajax_lif_migrate_all_data_to_tutorclasses\LIFtoTutorMigration.php:18

authwp_ajax_tlmt_reset_migrated_items_countclasses\LIFtoTutorMigration.php:19

authwp_ajax__get_lif_live_progress_course_migrating_infoclasses\LIFtoTutorMigration.php:21

authwp_ajax_tutor_import_from_xml_lifclasses\LIFtoTutorMigration.php:25

authwp_ajax_insert_tutor_migration_dataclasses\LPtoTutorMigration.php:10

authwp_ajax_lp_migrate_all_data_to_tutorclasses\LPtoTutorMigration.php:11

authwp_ajax_tlmt_reset_migrated_items_countclasses\LPtoTutorMigration.php:12

authwp_ajax__get_lp_live_progress_course_migrating_infoclasses\LPtoTutorMigration.php:14

authwp_ajax_tutor_import_from_xmlclasses\LPtoTutorMigration.php:19

authwp_ajax_install_tutor_pluginclasses\TutorLMSMigrationTool.php:74

authwp_ajax_tlmt_migrate_sales_datainc\SalesData\MigrationHandler.php:57

authwp_ajax_tmlt_get_sales_data_historyinc\SalesData\MigrationHandler.php:58

authwp_ajax_tlmt_delete_sales_data_historyinc\SalesData\MigrationHandler.php:59

WordPress Hooks 30

actiontutor_action_tutor_ld_export_xmlclasses\LDtoTutorExport.php:13

filtertutor_tool_pagesclasses\LDtoTutorMigration.php:24

actiontutor_action_ld_order_migrateclasses\LDtoTutorMigration.php:29

filtertutor_tool_pagesclasses\LIFtoTutorMigration.php:16

actiontutor_action_migrate_lif_orders_earningclasses\LIFtoTutorMigration.php:22

actiontutor_action_migrate_lif_ordersclasses\LIFtoTutorMigration.php:23

actiontutor_action_tutor_lif_export_xmlclasses\LIFtoTutorMigration.php:26

filtertutor_tool_pagesclasses\LPtoTutorMigration.php:9

actiontutor_action_migrate_lp_ordersclasses\LPtoTutorMigration.php:16

actiontutor_action_migrate_lp_reviewsclasses\LPtoTutorMigration.php:17

actiontutor_action_tutor_lp_export_xmlclasses\LPtoTutorMigration.php:20

actionplugins_loadedclasses\TutorLMSMigrationTool.php:51

actionadmin_action_activate_tutor_freeclasses\TutorLMSMigrationTool.php:75

actionadmin_noticesclasses\TutorLMSMigrationTool.php:78

actionadmin_noticesclasses\TutorLMSMigrationTool.php:79

actionadmin_enqueue_scriptsclasses\TutorLMSMigrationTool.php:258

actiontlmt_course_migratedinc\ActionHandler.php:28

actiontlmt_lesson_migratedinc\ActionHandler.php:29

actiontlmt_quiz_migratedinc\ActionHandler.php:30

actiontlmt_attach_productinc\ActionHandler.php:31

actiontlmt_student_progress_migratedinc\ActionHandler.php:32

actiontlmt_assignment_migratedinc\ActionHandler.php:33

actiontlml_delete_learndash_quiz_questionsinc\ActionHandler.php:34

actiontlmt_delete_learndash_quiz_statisticinc\LDMigration\StudentProgress.php:45

filtertutor_tool_pagesinc\SalesData\InitSalesMigration.php:30

actiontlmt_before_processing_subscriptions_jobinc\SalesData\WooToNative\Subscriptions\Subscriptions.php:118

actionplugins_loadedtutor-lms-migration-tool.php:87

actionwp_logintutor-lms-migration-tool.php:102

actionwp_logintutor-lms-migration-tool.php:120

actionwp_logintutor-lms-migration-tool.php:139

Maintenance & Trust

Tutor LMS – Migration Tool Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 11, 2025

PHP min version7.4

Downloads36K

Community Trust

Rating100/100

Number of ratings4

Active installs1K

Alternatives

Tutor LMS – Migration Tool Alternatives

Tutor LMS – eLearning and online course solution

tutor

A complete WordPress LMS plugin to create any eLearning website easily.

100K 60 CVEs

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

learnpress

A WordPress LMS Plugin to create WordPress Learning Management System. Turn your WordPress to LMS WordPress Website with Courses, Lessons, Quizzes &am …

80K 63 CVEs

MasterStudy LMS WordPress Plugin – for Online Courses and Education

masterstudy-lms-learning-management-system

Learning Management System and eLearning plugin for WordPress. Create easily LMS WordPress website, add and sell Courses, Lessons, Quizzes online.

10K 24 CVEs

Masteriyo LMS – Online Course Builder for eLearning, LMS & Education

learning-management-system

The complete WordPress LMS plugin for course creation & monetization. Create engaging courses, lessons, quizzes, assignments & certificates.

4K 10 CVEs

Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

academy

Academy LMS is the all-rounder among all WordPress LMS plugins. A complete solution, easy to use, feature-rich and provides powerful integrations.

2K 11 CVEs

Developer Profile

Tutor LMS – Migration Tool Developer Profile

Themeum

14 plugins · 675K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

269 days

View full developer profile

Detection Fingerprints

How We Detect Tutor LMS – Migration Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tutor-lms-migration-tool/assets/css/main.css/wp-content/plugins/tutor-lms-migration-tool/assets/js/main.js/wp-content/plugins/tutor-lms-migration-tool/assets/js/vuetify.js/wp-content/plugins/tutor-lms-migration-tool/assets/js/vue.js/wp-content/plugins/tutor-lms-migration-tool/assets/css/vuetify.min.css

Script Paths

/wp-content/plugins/tutor-lms-migration-tool/assets/js/main.js/wp-content/plugins/tutor-lms-migration-tool/assets/js/vue.js/wp-content/plugins/tutor-lms-migration-tool/assets/js/vuetify.js

Version Parameters

tutor-lms-migration-tool/assets/css/main.css?ver=tutor-lms-migration-tool/assets/js/main.js?ver=tutor-lms-migration-tool/assets/js/vuetify.js?ver=tutor-lms-migration-tool/assets/js/vue.js?ver=tutor-lms-migration-tool/assets/css/vuetify.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

tutor-install-noticetutor-install-notice-innertutor-install-notice-icontutor-install-notice-content

HTML Comments

Data Attributes

data-v-app

JS Globals

TLMT_VERSIONTLMT_FILETLMT_PATHTLMT_URLTLMT_BASENAMETLMT_PLUGIN_NAME+4 more

FAQ