Vulnerability in Lms By Masteriyo
CVE-2023-3345
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in some of its REST API endpoints, making it possible for any student to retrieve the email addresses of other students.
EPSS: 0.648 (98.5th percentile)
Affected products
- Unknown Lms By Masteriyo — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a (exploit, vdb-entry, technical-description)
Frequently asked questions
- What is CVE-2023-3345?
- CVE-2023-3345 is a vulnerability in Lms By Masteriyo, classified under CWE-863 (Incorrect Authorization). Published 2023-07-31.
- Is CVE-2023-3345 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.