WordPress WP Courses plugin versions 2.0.29 and below suffer from an issue that allows an unauthenticated attacker the ability to ex-filtrate all the content of courses through the WordPress REST API.
1dc9c867a49c8ff76a931ea288460a80bbe8cba8bbb23f594818102315099698