EPSS
Percentile
94.6%
The plugin does not protect the courses which could be accessed by unauthenticated users using the REST API (/wp-jon/) endpoints. This could result in attackers accessing paying content without authorisation.
packetstormsecurity.com/files/159301/
vulners.com/exploitdb/EDB-ID:48910
www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/