Primary

Context

Thim Kit for Elementor Missing Authorization Vulnerability Allowing Unauthenticated Access to Private Course Data

Vulnerability

A vulnerability exists in the Thim Kit for Elementor WordPress plugin, specifically in versions through 1.3.7. The issue arises from inadequate validation on the 'thim-ekit/archive-course/get-courses' REST endpoint, enabling unauthenticated attackers to access and disclose private or draft LearnPress course content by manipulating the post_status parameter. This unauthorized data access could lead to the exposure of sensitive course information.

Impact

Exploitation of this vulnerability allows for unauthorized disclosure of private or draft LearnPress course content.

Remediation

Users are advised to update the Thim Kit for Elementor plugin to version 1.3.8 or later.

Added: Mar 16, 2026, 2:32 PM

Updated: Mar 16, 2026, 2:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

4.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

4.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Thim Kit for Elementor Missing Authorization Vulnerability Allowing Unauthenticated Access to Private Course Data

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating