Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

Posted by Red Timmy Security on Sep 29

WP Courses is a WordPress plugin allowing to define courses with
lessons. The course can be:

– accessible to everyone without authentication;
– only available for logged-in users;
– only available for logged-in and paying users.

In the latter case, only when a user is registered to WordPress and has
bought the product via a third plugin (for example WooCommerce) the
contents of the lessons are shown.

We have stumbled upon a severe…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source