3 matches found
CVE-2023-3345
CVE-2023-3345 affects the LMS by Masteriyo WordPress plugin prior to 1.6.8. The plugin’s REST API endpoints lack proper authorization, enabling any student to retrieve other students’ email addresses (information disclosure). Root cause per connected details: insufficient access checks on REST ro...
CVE-2024-24882
CVE-2024-24882 affects the WordPress plugin Masteriyo LMS (
CVE-2024-33939
CVE-2024-33939 relates to the WordPress plugin Masteriyo – LMS (<= 1.7.3). Affected component: Masteriyo LMS REST endpoints exposing course progress data. Root cause: authentication/authorization bypass (insecure direct object reference) that allows unauthenticated users to access course progr...