The vulnerability exists in the Thim Kit for Elementor plugin for WordPress, where the 'thim-ekit/archive-course/get-courses' REST endpoint lacks proper authorization checks. This oversight is classified as CWE-862 (Missing Authorization). An unauthenticated attacker can trigger the endpoint and supply a post_status parameter, causing the plugin to return private or draft LearnPress course content. Consequently, confidential learning materials and personal data stored within courses become exposed to anyone who can craft a request to the endpoint.

The issue affects the thimpress Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor product, specifically all releases up to and including version 1.3.7. No additional impacted versions were reported in the provided information.

The CVSS score of 5.3 indicates a moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by sending crafted HTTP requests to the REST endpoint without needing authentication. If successful, they can retrieve private or draft course content, potentially compromising confidentiality and, if the content includes sensitive instructor or student data, could lead to broader privacy violations.