The Tutor LMS WordPress plugin prior to 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated malicious users to access information from Lessons that should not be publicly available.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
themeum tutor lms |