Lucene search
+L

4 matches found

CVE
CVE
added 2026/07/02 5:35 a.m.19 views

CVE-2026-5348

The CVE concerns the WordPress plugin Academy LMS (WordPress LMS Plugin for Complete eLearning Solution) up to version 3.8.1. The root cause is the REST API endpoint /topics being registered with a permission callback of __return_true, which permits unauthenticated access to course curriculum dat...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-5348

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-5348 Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...

5.3CVSS0.00262EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/07/04 12:0 a.m.8 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.5CVSS7.6AI score0.00984EPSS
Exploits2References4
Rows per page
Query Builder