Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

Posted by Red Timmy Security on Sep 29

WP Courses is a WordPress plugin allowing to define courses with
lessons. The course can be:

– accessible to everyone without authentication;
– only available for logged-in users;
– only available for logged-in and paying users.

In the latter case, only when a user is registered to WordPress and has
bought the product via a third plugin (for example WooCommerce) the
contents of the lessons are shown.

We have stumbled upon a severe…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

Original Source

[HANDALA] – Ransomware Victim: Silicom

[INCRANSOM] – Ransomware Victim: Sa[.]SS Datentechnik

[BLACKSUIT] – Ransomware Victim: co[.]cullman[.]al[.]us

CVE Alert: CVE-2024-9511

CVE Alert: CVE-2024-11446

Original Source

You may have missed

[HANDALA] – Ransomware Victim: Silicom

[INCRANSOM] – Ransomware Victim: Sa[.]SS Datentechnik

[BLACKSUIT] – Ransomware Victim: co[.]cullman[.]al[.]us

CVE Alert: CVE-2024-9511

CVE Alert: CVE-2024-11446