GHSA-xp2v-x6vp-vp42MediumCVSS 6.5
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a...
🔗 CVE IDs covered (1)
📋 Description
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records.