Educare < 1.4.7 – Missing Authorization to Sensitive Information Exposure | Plugin Vulnerabilities

Description

The Educare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the educare_get_data_from_students function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to expose potentially sensitive student data.

Affects Plugins

Fixed in 1.4.7

References

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4ad16964-3d0a-4769-a167-5ec62486bfe9

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

6d163ef5-4fa1-423d-b9da-8f5757ce1df1

Timeline

Publicly Published

2023-09-09 (about 2 years ago)

Added

2023-11-29 (about 2 years ago)

Last Updated

2023-12-08 (about 2 years ago)

Other

Published

Title

Published

2024-08-16

Title

Atarim < 4.0.2 - Missing Authorization via remove_feedbacktool_notice()

Published

2026-05-12

Title

MonsterInsights < 10.1.3 - Subscriber+ Sensitive Information Exposure and Plugin Integration Reset

Published

2024-02-26

Title

ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update

Published

2024-11-15

Title

Customer Reviews for WooCommerce < 5.62.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation

Published

2025-12-12

Title

Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure