VYPR
Unrated severityNVD Advisory· Published Jul 4, 2023· Updated Nov 21, 2024

Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API

CVE-2023-3133

Description

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.