CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38701 – WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38701
11 Jul 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the quiz_attempts_permissions_check() function in versions up to, and including, 2.0.4. This makes... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37234 – WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2024-37234
21 Jun 2024 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en Kodezen Limited Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.10. This is due ... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35171 – WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35171
10 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.25. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This mak... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-25-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33912 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability
https://notcve.org/view.php?id=CVE-2024-33912
29 Apr 2024 — Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on afunction in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with student-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-on-paid-courses-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32714 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32714
22 Apr 2024 — Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to insufficient validation on the enroll_course() function in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, t... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •