CVE-2023-3345

LMS by Masteriyo < 1.6.8 - Information Exposure

EPSS 1.9%

Vexday Risk Score

18Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 1.9%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

31 jul 2023Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students

Productos afectados

Unknown · LMS by Masteriyo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a