4 matches found
CVE-2025-67259
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
PT-2026-34882
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
WordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin School Management versions <= 1.93.1 (02-07-2025)...
WordPress Academy LMS Plugin <= 1.9.16 is vulnerable to Broken Access Control
Software: Academy LMS; Type: Plugin; Vulnerable versions: <= 1.9.16; Fixed in: 1.9.17; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33912; Patch priority: Low; CVSS severity: Low 7.1; PSID: 5a16f30edc5a; Credits: Steven Julian; Required privileg...