CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

🗓️ 09 Apr 2024 18:59:08Reported by WordfenceType

Vulnerability in MasterStudy LMS WordPress plugin version 3.3.3 allows unauthenticated attackers to execute arbitrary PHP code via 'template' parameter

Reporter	Title	Published	Views	Family All 13
CNNVD	WordPress Plugin MasterStudy LMS 安全漏洞	9 Apr 202400:00	–	cnnvd
CVE	CVE-2024-3136	9 Apr 202418:59	–	cve
Nuclei	MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template	11 Jun 202603:33	–	nuclei
NVD	CVE-2024-3136	9 Apr 202419:15	–	nvd
OSV	CVE-2024-3136	9 Apr 202419:15	–	osv
Patchstack	WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion	5 Apr 202400:00	–	patchstack
Patchstack	WordPress MasterStudy LMS plugin <= 3.3.3 - Unauthenticated Local File Inclusion via template vulnerability	5 Apr 202400:55	–	patchstack
Positive Technologies	PT-2024-24004 · WordPress · Masterstudy Lms	9 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-3136	5 Feb 202510:09	–	redhatcve
Vulnrichment	CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template	9 Apr 202418:59	–	vulnrichment

[
  {
    "vendor": "stylemix",
    "product": "MasterStudy LMS WordPress Plugin – for Online Courses and Education",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.3.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779
plugins	www.plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php
plugins	www.plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php

08 Apr 2026 17:11Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.54205

CWE-98