CVE-2023-3345

Name of the Vulnerable Software and Affected Versions The LMS by Masteriyo WordPress plugin versions prior to 1.6.8

Description The issue concerns improper authorization in some of the plugin's REST API endpoints. This allows any students to retrieve email addresses of other students, effectively leaking sensitive user information.

Recommendations For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST API endpoints until a patch is applied.