Lucene search
WPScanCVELIST:CVE-2023-4278HistorySep 11, 2023 - 7:46 p.m.
CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
2023-09-1119:46:08
WPScan
www.cve.org
cve-2023-4278
masterstudy lms
wordpress plugin
registration vulnerability
instructor account
0.087 Low
EPSS
Percentile
94.6%
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
CNA Affected
[
{
"vendor": "Unknown",
"product": "MasterStudy LMS WordPress Plugin",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.0.18"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
packetstorm
packetstorm
WordPress Masterstudy LMS 3.0.17 Account Creation
2023-10-10 00:00:00
wpvulndb
wpvulndb
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
2023-08-21 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-4278
2023-09-04 14:16:32
prion
prion
Design/Logic Flaw
2023-09-11 20:15:00
zdt
zdt
cve
cve
CVE-2023-4278
2023-09-11 20:15:11
nvd
nvd
CVE-2023-4278
2023-09-11 20:15:11
wpexploit
wpexploit
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
2023-08-21 00:00:00
exploitdb
exploitdb
wordfence
wordfence