Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:9215B11F-26AE-4A66-9971-BC8347D510E3
HistorySep 28, 2020 - 12:00 a.m.

WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

2020-09-2800:00:00
wpscan.com
9
wordpress
courses
access controls
rest api
security

EPSS

0.089

Percentile

94.6%

JSON

The plugin does not protect the courses which could be accessed by unauthenticated users using the REST API (/wp-jon/) endpoints. This could result in attackers accessing paying content without authorisation.

Related

patchstack 1
cvelist 1
cve 1
nuclei 1
nvd 1
prion 1
patchstack
patchstack
WordPress WP Courses LMS plugin <= 2.0.28 - Broken Access Controls leading to Courses Content Disclosure vulnerability
2020-09-28 00:00:00
cvelist
cvelist
CVE-2020-26876
2020-10-07 16:56:25
cve
cve
CVE-2020-26876
2020-10-07 17:15:15
nuclei
nuclei
WordPress WP Courses Plugin Information Disclosure
2020-10-20 16:46:12
nvd
nvd
CVE-2020-26876
2020-10-07 17:15:15
prion
prion
Design/Logic Flaw
2020-10-07 17:15:00

EPSS

0.089

Percentile

94.6%

JSON
Related for WPVDB-ID:9215B11F-26AE-4A66-9971-BC8347D510E3
patchstack1cvelist1cve1nuclei1nvd1prion1