PT-2023-25142 · Stylemixthemes · Stylemixthemes Masterstudy Lms Wordpress Plugin

Rafshanzani Suhada

Published

2023-06-22

Updated

2023-06-28

CVE-2023-35093

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions StylemixThemes MasterStudy LMS WordPress Plugin versions <= 3.0.8

Description The issue allows any logged-in users, such as subscribers, to view the "Orders" of the plugin and access data related to the order, including email, username, and more.

Recommendations For versions <= 3.0.8, update to a version greater than 3.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the "Orders" section of the plugin to minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-35093

Affected Products

Stylemixthemes Masterstudy Lms Wordpress Plugin

PT-2023-25142 · Stylemixthemes · Stylemixthemes Masterstudy Lms Wordpress Plugin

CVE-2023-35093

Weakness Enumeration

Related Identifiers

Affected Products

References · 4