Unrated severityNVD Advisory· Published Jul 4, 2023· Updated Nov 21, 2024
Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
CVE-2023-3133
Description
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Package: https://wordpress.org/plugins/tutor
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/browser/tutor/tags/2.2.0/classes/RestAPI.phpmitrepatch
- wpscan.com/vulnerability/3b6969a7-5cbc-4e16-8f27-5dde481237f5mitreexploitvdb-entrytechnical-description
- wordpress.org/plugins/tutor/mitre
News mentions
0No linked articles in our index yet.