Lucene search
K

19 matches found

Nuclei
Nuclei
added 17 hours ago14 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS6.1AI score0.00843EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:32 a.m.7 views

EUVD-2026-40906

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 9:31 a.m.9 views

EUVD-2026-39186

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 a.m.10 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

6.5CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 6:0 a.m.19 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.35 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 6:15 p.m.3 views

EUVD-2026-21541

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-58470

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-54553

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.13 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS6.5AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 4:38 p.m.14 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.7.3...

5.3CVSS5.9AI score0.00843EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 4:15 p.m.3 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3...

5.3CVSS5.8AI score0.00843EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 4:15 p.m.8 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.7.3...

5.3CVSS0.00843EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-21998

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.7.3 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access to course progress. Recommendations: For Masteriyo - LMS versions 1.7.3...

5.3CVSS6.4AI score0.00843EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

WordPress plugin Masteriyo - LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

5.3CVSS6.6AI score0.00843EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 7:15 a.m.7 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS7.3AI score0.00347EPSS
Exploits0References2
Prion
Prion
added 2024/01/11 7:15 a.m.22 views

Input validation

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4CVSS6.8AI score0.00347EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 6:49 a.m.9 views

CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS6.6AI score0.00347EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.25 views

LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure

Description The plugin is vulnerable to Insecure Direct Object Reference in the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the...

4.3CVSS6.8AI score0.00347EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder