4 matches found
CVE-2023-3133 Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
CVE-2023-3133
The CVE-2023-3133 entry concerns the Tutor LMS WordPress plugin (pre-2.2.1) where REST API endpoints do not perform adequate permission checks, allowing unauthenticated access to information from Lessons that should not be publicly available. Affected product: Tutor LMS WordPress plugin; vulnerab...
CVE-2023-3133 Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
WordPress Tutor LMS Plugin < 2.2.1 is vulnerable to Broken Access Control
Software Tutor LMS Type Plugin Vulnerable versions 2.2.1 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 46e68bdc901b Credits A. S. M. Muhiminul Hasan Required...