CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43298 – WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43298
16 Aug 2024 — Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpa_wpc_ajax_install_new() function in versions up to, and including, 2.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to install a backup plugin. • https://patchstack.com/database/vulnerability/wp-clone-by-wp-academy/wordpress-clone-plugin-2-4-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38701 – WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38701
11 Jul 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the quiz_attempts_permissions_check() function in versions up to, and including, 2.0.4. This makes... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37234 – WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2024-37234
21 Jun 2024 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en Kodezen Limited Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.10. This is due ... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35171 – WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35171
10 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.25. The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This mak... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-25-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33912 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability
https://notcve.org/view.php?id=CVE-2024-33912
29 Apr 2024 — Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on afunction in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with student-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-on-paid-courses-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32714 – WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32714
22 Apr 2024 — Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. Vulnerabilidad de autorización faltante en Academy LMS Academy. Este problema afecta a Academy LMS: desde n/a hasta 1.9.16. The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to insufficient validation on the enroll_course() function in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, t... • https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-1-9-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25486 – WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-25486
08 Mar 2023 — Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_tifm_save_decision function in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the 'Test new plugins before instal... • https://patchstack.com/database/wordpress/plugin/wp-clone-by-wp-academy/vulnerability/wordpress-clone-plugin-2-3-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •