WordPress Thim Kit for Elementor plugin <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure vulnerability

Missing Authorization to Unauthenticated Private Course Disclosure vulnerability discovered by Youssef Elouaer in WordPress Plugin Thim Elementor Kit versions = 1.3.7...

EUVD-2026-12184

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...

WordPress plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-1870 Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...

CVE-2026-1870

The CVE-2026-1870 case concerns the WordPress plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor, affected up to version 1.3.7. The vulnerability arises from missing validation in the REST endpoint thim-ekit/archive-course/get-courses, allowing unauthenticated attackers t...