CVE-2024-33939: 
WordPress vulnerability analysis and mitigation

Authentication Bypass vulnerability (CVE-2024-33939) affects Masteriyo - LMS WordPress plugin versions through 1.7.3. The vulnerability was discovered and reported on January 17, 2024, and publicly disclosed on April 30, 2024. This security flaw allows unauthorized access to course progress functionality within the WordPress plugin (Patchstack).

The vulnerability is classified as an Authentication Bypass Using an Alternate Path or Channel, with a CVSS score of 5.3 (Medium severity). The security flaw specifically enables unauthenticated users to access course progress functionality that should be restricted to authenticated users only (Wiz, Patchstack).

This vulnerability enables malicious actors to perform actions that should only be accessible to privileged users. The impact primarily affects the course progress functionality within the Masteriyo LMS system, potentially compromising the integrity of the learning management system (Wiz).

The vulnerability has been patched in version 1.7.4 of the Masteriyo LMS plugin. Site administrators are strongly advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Wiz, Patchstack).