6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.
[
{
"vendor": "stylemix",
"product": "MasterStudy LMS WordPress Plugin – for Online Courses and Education",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "3.3.8",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%