WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability
CVE-2024-43158
7.5HIGH
What is CVE-2024-43158?
A missing authorization vulnerability exists in the Masteriyo Learning Management System that compromises the integrity of access control mechanisms. This vulnerability allows users to access functionalities without proper constraints enforced by the Access Control Lists (ACLs). Affected versions include those prior to 1.11.4, exposing systems to potential misuse and exploitation. Administrators using Masteriyo LMS are advised to review their security settings and apply necessary updates to mitigate this issue.
Affected Version(s)
Masteriyo - LMS <= 1.11.4