CVE-2023-3133: Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
First published: Tue Jul 04 2023(Updated: )
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeum Tutor Lms | <2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3133?
CVE-2023-3133 is a vulnerability in the Tutor LMS WordPress plugin before version 2.2.1 that allows unauthenticated attackers to access information from Lessons that should not be publicly available.
How severe is CVE-2023-3133?
CVE-2023-3133 has a severity value of 7.5, which is considered high.
What software is affected by CVE-2023-3133?
The Tutor LMS WordPress plugin before version 2.2.1 is affected by CVE-2023-3133.
How do I fix CVE-2023-3133?
To fix CVE-2023-3133, you should upgrade your Tutor LMS WordPress plugin to version 2.2.1 or newer.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/themeum
- canonical/themeum tutor lms