CVE-2026-1870 | thimpress Thim Kit for Elementor Plugin up to 1.3.7 on WordPress REST Endpoint get-courses post_status authorization

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability has been found in thimpress Thim Kit for Elementor Plugin up to 1.3.7 on WordPress and classified as problematic. Impacted is an unknown function of the file /thim-ekit/archive-course/get-courses of the component REST Endpoint. Performing a manipulation of the argument post_status results in missing authorization.

This vulnerability is identified as CVE-2026-1870. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-1870 | thimpress Thim Kit for Elementor Plugin up to 1.3.7 on WordPress REST Endpoint get-courses post_status authorization

Post correlati

CVE-2023-6594 | Button Plugin up to 9.7.4 on WordPress cross site scripting

CVE-2025-13646 | Modula Image Gallery Plugin up to 2.13.1/2.13.2 on WordPress ajax_unzip_file race condition

CVE-2025-4971 | Broadcom Automic Automation up to 21.0.13/24.3.0 HF3 untrusted search path

CVE-2023-51577 | Voltronic Power ViewPower Pro setShutdown Local Privilege Escalation (ZDI-23-1883)