A vulnerability described as critical has been identified in kodezen Academy LMS Plugin up to 3.8.0 on WordPress. This affects an unknown part of the component AJAX handler. Executing a manipulation of the argument key can lead to improper control of resource identifiers.
This vulnerability is tracked as CVE-2026-9341. The attack can be launched remotely. No exploit exists.