CVE-2023-3133

Name of the Vulnerable Software and Affected Versions Tutor LMS WordPress plugin versions prior to 2.2.1

Description The issue concerns inadequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

Recommendations For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints until the update is applied.