WordPress · Tutor Lms · CVE-2023-3133
**Name of the Vulnerable Software and Affected Versions**
Tutor LMS WordPress plugin versions prior to 2.2.1
**Description**
The issue concerns inadequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
**Recommendations**
For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints until the update is applied.