CVE-2023-3345

Summary

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students

Affected Software

VendorProductVersion RangeStatus
UnknownLMS by Masteriyo0 < 1.6.8affected

Weaknesses

  • CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References