WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability
CVE-2023-36515
9.8CRITICAL
Summary
A missing authorization vulnerability has been identified in the ThimPress LearnPress Plugin, which compromises the security of installations running versions up to 4.2.3. This vulnerability allows unauthorized users to gain access to sensitive functionalities, potentially leading to unauthorized actions within the system. Maintaining robust access controls is critical to ensuring the integrity and security of web applications that utilize this plugin.
Affected Version(s)
LearnPress <= 4.2.3
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)