CVE-2023-3345
Published 2023-07-31
Priority: P3 (44) · Severity: medium · CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 1.93% (77.4th percentile)
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in some of its REST API endpoints, making it possible for any student to retrieve the email addresses of other students.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themegrill | masteriyo | < 1.6.8 | 1.6.8 |
Detection & IOCs (extracted from sources)
- Exploit targets the REST API endpoint /wp-json/masteriyo/v1/users/ with a valid WP nonce; response contains 'username', 'email', and 'roles' fields in a JSON body (Content-Type: application/json, HTTP 200).
- Successful exploitation is confirmed when the JSON response body simultaneously contains the strings '"username":', '"email":', and '"roles":'.
- The WP nonce required for the exploit request is extracted from an authenticated page using the regex pattern '"nonce":"([a-z0-9]+)","versionString'.
- The attack requires only a low-privileged authenticated session (student role); monitor for authenticated GET requests to /wp-json/masteriyo/v1/users/ from non-admin accounts.
- Vulnerability is present only in LMS by Masteriyo plugin versions prior to 1.6.8; patched in 1.6.8 and above.
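
The monitoring suggested in the list above, sketched as an added example (not part of the original page, the Nuclei template or the Masteriyo project): it scans web access logs in Combined Log Format for successful GETs to the users endpoint and counts them per client. Access logs do not record the WordPress role, so the `admin_ips` allowlist is an assumption standing in for "non-admin accounts"; the function name and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Endpoint named in the detection notes above (trailing slash stripped).
ENDPOINT = "/wp-json/masteriyo/v1/users"

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def masteriyo_user_reads(lines, admin_ips=frozenset()):
    """Count HTTP 200 GETs to the Masteriyo users endpoint per client IP.

    admin_ips is an assumed allowlist of addresses administrators use;
    it substitutes for the role information that access logs lack.
    """
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        # Drop the query string and trailing slash before comparing.
        path = m["path"].split("?", 1)[0].rstrip("/")
        # Match the collection and /users/<id>, not look-alike prefixes.
        if path != ENDPOINT and not path.startswith(ENDPOINT + "/"):
            continue
        if m["ip"] not in admin_ips:
            hits[m["ip"]] += 1
    return dict(hits)

# Constructed sample lines using documentation address ranges, not real traffic.
T = "[01/Aug/2023:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /wp-json/masteriyo/v1/users/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "GET /wp-json/masteriyo/v1/users/?page=2 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - {T} "GET /wp-json/masteriyo/v1/users/ HTTP/1.1" 403 120 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {T} "GET /wp-json/masteriyo/v1/users/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - {T} "GET /wp-json/masteriyo/v1/courses HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # 192.0.2.10 is treated as a known administrator address (assumption).
    for ip, n in masteriyo_user_reads(SAMPLE, {"192.0.2.10"}).items():
        print(f"{ip}: {n} successful users-endpoint reads")
```

On a site already upgraded to 1.6.8 or later, hits from non-admin clients should stop returning HTTP 200; any that remain are worth reviewing against the session that made them.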
No detection rules found.
Nuclei
LMS by Masteriyo < 1.6.8 - Information Exposure
The plugin does not properly safeguard sensitive user information, such as other users' email addresses, making it possible for any student to leak them via some of the plugin's REST API endpoints.
Template:
```yaml
id: CVE-2023-3345

info:
  name: LMS by Masteriyo < 1.6.8 - Information Exposure
  author: DhiyaneshDK
  severity: medium
  description: |
    The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.
  impact: |
    An attacker can gain unauthorized access to sensitive information.
  remediation: |
    Upgrade LMS by Masteriyo to version 1.6.8 or higher to fix the vulnerability.
  reference:
    - https://wpscan.com/vulnerabilit
```
No writeups or analysis indexed.