CVE-2023-3345

MEDIUM NUCLEI

Masteriyo WordPress <1.6.8 - Info Disclosure

Title source: llm

Description

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students

Nuclei Templates (1)

LMS by Masteriyo < 1.6.8 - Information Exposure

MEDIUMVERIFIEDby DhiyaneshDK

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a

Scores

CVSS v3 6.5

EPSS 0.6484

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

themegrill/masteriyo < 1.6.8

Published Jul 31, 2023

Tracked Since Feb 18, 2026