CVE-2023-35093

MEDIUM

StylemixThemes MasterStudy LMS WordPress Plugin <= 3.0.8 - Broken Access Control

Title source: llm
STIX 2.1

Description

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more.

Scores

CVSS v3 6.5
EPSS 0.0056
EPSS Percentile 42.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
StylemixThemes/MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.0.8
stylemixthemes/masterstudy_lms < 3.0.8
Published Jun 22, 2023
Tracked Since Feb 18, 2026