CVE-2026-1870
Awaiting Analysis
Awaiting Analysis - Queue
Unauthorized Data Access in Thim Kit for Elementor Plugin
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: Wordfence
Description
Description
The Thim Kit for Elementor β Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to disclose private or draft LearnPress course content by supplying post_status in the params_url payload.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thim | thim_kit_for_elementor | to 1.3.7 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
