The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other users email addresses, making it possible for any students to leak them via some of the plugins REST API endpoints.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Masteriyo | Masteriyo | * | 1.6.8 (excluding) |