Primary

Context

WisdomGarden Tronclass Insecure Direct Object Reference Vulnerability

Vulnerability

A vulnerability allowing Insecure Direct Object Reference has been identified in Tronclass developed by WisdomGarden, affecting versions through 1.74. This vulnerability allows authenticated remote attackers to manipulate specific parameters after acquiring a course ID, enabling them to obtain a course invitation code and join any course.

Impact

Exploitation of this vulnerability could lead to unauthorized access to courses by allowing attackers to join any course using the obtained invitation code.

Remediation

Users are advised to update Tronclass to version 1.77 or later.

Added: Feb 23, 2026, 3:19 AM

Updated: Feb 23, 2026, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WisdomGarden Tronclass Insecure Direct Object Reference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating