CVE-2023-6223

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 11, 2024

Updated: Jan 16, 2024

CWE ID 639

Summary

CVE-2023-6223 is a vulnerability affecting the LearnPress plugin for WordPress. This issue, present in versions up to 4.2.5.7, allows authenticated attackers with subscriber-level access or higher to retrieve the course progress details of other users. The vulnerability stems from a missing validation check on the 'userID' user-controlled key in the /wp-json/lp/v1/profile/course-tab REST API, making it an Insecure Direct Object Reference (IDOR) vulnerability. This weakness could potentially lead to unauthorized access to sensitive user information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tfj_qQ
https://www.cve.org/CVERecord?id=CVE-2023-6223
https://nvd.nist.gov/vuln/detail/CVE-2023-6223

Back to Vulnerability Database

CVE-2023-6223

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations