This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A critical identity verification flaw in the password reset flow. π **Consequences**: Attackers can hijack accounts, leading to full system compromise, data theft, and unauthorized changes.β¦
π‘οΈ **Root Cause**: CWE-639 (Authorization Bypass Through User-Controlled Key). π **Flaw**: The plugin fails to properly verify user identity before updating passwords.β¦
π¦ **Vendor**: Kodezen. π¦ **Product**: Academy LMS β WordPress LMS Plugin for Complete eLearning Solution. π **Affected Versions**: 3.5.0 and earlier. β οΈ **Platform**: WordPress.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Full account takeover. π **Data**: Access to sensitive user data, course progress, and potentially admin credentials. π **Impact**: High (CVSS 9.8).β¦
π **Threshold**: LOW. π **Auth**: None required (PR:N). π±οΈ **UI**: No user interaction needed (UI:N). π **Network**: Remote (AV:N). π― **Complexity**: Low (AC:L). This is an easy, remote exploit for anyone.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π« **Public Exp**: No PoC provided in the data. π **Status**: Theoretical but highly likely given the CVSS score and nature of the flaw. β οΈ **Risk**: Wild exploitation is imminent due to low barrier to entry.
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for 'Academy LMS' plugin version β€ 3.5.0. π οΈ **Feature**: Look for the password reset function in `includes/functions.php` around line 1581.β¦
β **Fixed**: Yes. π **Patch Date**: Published 2026-01-21. π **Action**: Update to a version newer than 3.5.0. π **Ref**: See WordFence and WordPress Trac links for official details.
Q9What if no patch? (Workaround)
π **Workaround**: Disable the plugin if not essential. π« **Restrict**: Limit access to the LMS module. π **Manual**: Monitor for unauthorized password reset requests.β¦