CVE-2026-9341 in Academy LMS Plugininfo

Zusammenfassung

von MITRE • 14.07.2026

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.0 via the 'save_lesson_note', 'get_lesson_note', and 'complete_lesson_video' AJAX handlers due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read, overwrite, or delete the private lesson notes of any other user (including administrators), and to falsify lesson-completion progress for arbitrary users.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Wordfence

Reservieren

23.05.2026

Veröffentlichung

14.07.2026

Moderieren

akzeptiert

Eintrag

VDB-378293

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

low

Quellen

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!