PatchSiren

kodezen CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM kodezen CVE published 2026-07-14

CVE-2026-9341

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference. Authenticated attackers with Subscriber-level access can read, overwrite, or delete private lesson notes and falsify lesson-completion progress. This vulnerability affects users with Subscriber-level access and above. The CVSS score is 4.3, indicating a Medium severity.