Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure (CVE-2026-5348)

5.3 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to '__return_true', allowing unauthenticated access to course curriculum data without verifying the course's post status or user enrollment. This makes it possible for unauthenticated attackers to access detailed curriculum information for private, draft, scheduled, or password-protected courses by enumerating course IDs.
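
A permission callback that performs the checks the description says are missing, as an added illustration that is not Academy LMS code. The namespace, post type, parameter name, meta keys and the rule that only enrolled users may read a published course's curriculum are all assumptions.

```php
<?php
// Added illustration, not Academy LMS code. The namespace, post type,
// parameter name and meta keys are hypothetical placeholders.
const EXAMPLE_COURSE_TYPE = 'example_course';

function example_lms_can_read_topics( WP_REST_Request $request ) {
	$course_id = absint( $request['course_id'] );
	$course    = get_post( $course_id );
	// One identical error for every refusal, so responses do not reveal
	// which IDs belong to hidden courses.
	$denied = new WP_Error(
		'rest_forbidden',
		'Sorry, you are not allowed to view this curriculum.',
		array( 'status' => rest_authorization_required_code() )
	);
	if ( ! $course || EXAMPLE_COURSE_TYPE !== $course->post_type ) {
		return $denied;
	}
	// Users who can edit the course may read its curriculum in any status.
	if ( current_user_can( 'edit_post', $course_id ) ) {
		return true;
	}
	// Private, draft and scheduled ("future") courses stop here.
	if ( 'publish' !== get_post_status( $course ) ) {
		return $denied;
	}
	// Password-protected courses require the password to have been supplied.
	if ( post_password_required( $course ) ) {
		return $denied;
	}
	// Assumed enrollment record: one user meta flag per course.
	$user_id  = get_current_user_id();
	$enrolled = $user_id && get_user_meta( $user_id, 'example_enrolled_' . $course_id, true );
	return $enrolled ? true : $denied;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example-lms/v1', '/topics', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_lms_get_topics',
		// Vulnerable pattern from the description: 'permission_callback' => '__return_true'
		'permission_callback' => 'example_lms_can_read_topics',
		'args'                => array( 'course_id' => array( 'required' => true ) ),
	) );
} );

function example_lms_get_topics( WP_REST_Request $request ) {
	// Reached only after the permission callback returned true.
	return rest_ensure_response( get_post_meta( absint( $request['course_id'] ), 'example_curriculum', true ) );
}
```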

Basic Information

ID: CVE-2026-5348
Source: Wordfence
Published: Jul 2, 2026 at 05:35

Affected Product

Vendor: kodezen
Product: Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Affected Versions: kodezen Academy LMS – WordPress LMS Plugin for Complete eLearning Solution 0
