MEDIUM
kodezen
CVE published 2026-07-14
CVE-2026-9341
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference. Authenticated attackers with Subscriber-level access can read, overwrite, or delete private lesson notes and falsify lesson-completion progress. This vulnerability affects users with Subscriber-level access and above. The CVSS score is 4.3, indicating a Medium severity.