Lucene search
WPScanCVE-2024-5973HistoryJul 22, 2024 - 6:15 a.m.
CVE-2024-5973
2024-07-2206:15:02
WPScan
web.nvd.nist.gov
26
masterstudy lms
wordpress plugin
unauthorized access
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
19.8%
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn’t have.
Affected configurations
Node
stylemixthemesmasterstudy_lmsRange<3.3.24wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stylemixthemes | masterstudy_lms | * | cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "MasterStudy LMS WordPress Plugin ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.3.24"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
2024-07-22 06:00:05
vulnrichment
vulnrichment
CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
2024-07-22 06:00:05
nvd
nvd
CVE-2024-5973
2024-07-22 06:15:02
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
19.8%
Related for CVE-2024-5973