← Back

CVE-2023-3133

nvd nist
Published: Jul 4, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

Affected (1)

Products: Themeum: Tutor Lms
Themeum
1 product
Tutor Lms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Tutor Lms
Before 2.2.1

References (6)

Source: contact@wpscan.com
Product
Source: contact@wpscan.com
Product
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.