Wp Courses
Monthly
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.