Description
WordPress Plugin Academy LMS-eLearning and online course solution for WordPress is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Academy LMS-eLearning and online course solution for WordPress version 1.9.25 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.26 or latest
References
Related Vulnerabilities
Atlassian Confluence Missing Authorization Vulnerability (CVE-2019-15005)
ownCloud Improper Input Validation Vulnerability (CVE-2020-28645)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2005-3357)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-20717)
OpenSSL Improper Authentication Vulnerability (CVE-2023-2975)