The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
History

Thu, 21 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-07-04T07:23:24.882Z

Updated: 2024-11-21T15:05:21.758Z

Reserved: 2023-06-06T20:09:27.235Z

Link: CVE-2023-3133

cve-icon Vulnrichment

Updated: 2024-08-02T06:48:07.356Z

cve-icon NVD

Status : Modified

Published: 2023-07-04T08:15:10.460

Modified: 2024-11-21T08:16:31.913

Link: CVE-2023-3133

cve-icon Redhat

No data.