cbcvebase.
CVE-2023-3345
published 2023-07-31

CVE-2023-3345: The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any…

PriorityP344medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
1.93%
77.4th percentile
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students

Affected

1 ranges
VendorProductVersion rangeFixed in
themegrillmasteriyo< 1.6.81.6.8

Detection & IOCsextracted from sources · hover to see the quote

url/wp-json/masteriyo/v1/users/
  • Exploit targets the REST API endpoint /wp-json/masteriyo/v1/users/ with a valid WP nonce; response contains 'username', 'email', and 'roles' fields in a JSON body (Content-Type: application/json, HTTP 200).
  • Successful exploitation is confirmed when the JSON response body simultaneously contains the strings '"username":', '"email":', and '"roles":'.
  • The WP nonce required for the exploit request is extracted from an authenticated page using the regex pattern '"nonce":"([a-z0-9]+)","versionString'.
  • The attack requires only a low-privileged authenticated session (student role); monitor for authenticated GET requests to /wp-json/masteriyo/v1/users/ from non-admin accounts.
  • ·Vulnerability is present only in LMS by Masteriyo plugin versions prior to 1.6.8; patched in 1.6.8 and above.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.