A vulnerability, which was classified as problematic, has been found in kodezen Academy LMS Plugin up to 3.8.1 on WordPress. Affected is the function
__return_true of the component REST API Endpoint. The manipulation leads to authorization bypass.
This vulnerability is listed as CVE-2026-5348. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.