CVE-2023-35093

2023-06-2212:15:12

CWE-862

[email protected]

web.nvd.nist.gov

stylemixthemes masterstudy lms

broken access control

cve-2023-35093

wordpress plugin

online courses

education

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

24.0%

JSON

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the “Orders” of the plugin and get the data related to the order like email, username, and more.

Affected configurations

NVD

Node

stylemixthemesmasterstudy_lmsRange≤3.0.8wordpress

References

patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve