Broken Access Control Vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Allows Unauthorized Access to Orders

Broken Access Control Vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Allows Unauthorized Access to Orders

CVE-2023-35093 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more.

Learn more about our Wordpress Pen Testing.