Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

2 vulnerabilities found for LMS by Masteriyo by Unknown

CVE-2023-3345 (GCVE-0-2023-3345)

Vulnerability from nvd – Published: 2023-07-31 09:37 – Updated: 2024-08-30 13:34
VLAI?
Title
LMS by Masteriyo < 1.6.8 - Information Exposure
Summary
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/0d07423e-98d2-43… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown LMS by Masteriyo Affected: 0 , < 1.6.8 (custom)
Create a notification for this product.
Credits
Yassir Sbai Fahim WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T13:33:59.743546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T13:34:18.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "LMS by Masteriyo",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.6.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yassir Sbai Fahim"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-30T08:35:57.038Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "LMS by Masteriyo \u003c 1.6.8 - Information Exposure",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-3345",
    "datePublished": "2023-07-31T09:37:36.423Z",
    "dateReserved": "2023-06-20T19:06:59.169Z",
    "dateUpdated": "2024-08-30T13:34:18.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3345 (GCVE-0-2023-3345)

Vulnerability from cvelistv5 – Published: 2023-07-31 09:37 – Updated: 2024-08-30 13:34
VLAI?
Title
LMS by Masteriyo < 1.6.8 - Information Exposure
Summary
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/0d07423e-98d2-43… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown LMS by Masteriyo Affected: 0 , < 1.6.8 (custom)
Create a notification for this product.
Credits
Yassir Sbai Fahim WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T13:33:59.743546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T13:34:18.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "LMS by Masteriyo",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.6.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yassir Sbai Fahim"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-30T08:35:57.038Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "LMS by Masteriyo \u003c 1.6.8 - Information Exposure",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-3345",
    "datePublished": "2023-07-31T09:37:36.423Z",
    "dateReserved": "2023-06-20T19:06:59.169Z",
    "dateUpdated": "2024-08-30T13:34:18.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}