CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38701 – WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38701
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the quiz_attempts_permissions_check() function in versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with academy instructor-level access and above, to view quiz results of private quizzes. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37234 – WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2024-37234
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en Kodezen Limited Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.10. This is due to insufficient validation on the redirect url supplied. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35171 – WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35171
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.25. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-25-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33912 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability
https://notcve.org/view.php?id=CVE-2024-33912
Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on afunction in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with student-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-on-paid-courses-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32714 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32714
Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to insufficient validation on the enroll_course() function in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in paid courses for free. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •