Lucene search
HistorySep 11, 2023 - 8:15 p.m.
CVE-2023-4278
cve-2023-4278
registration vulnerability
instructor access
course addition
post addition
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.087 Low
EPSS
Percentile
94.6%
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Affected configurations
Node
stylemixthemesmasterstudy_lmsRange<3.0.18wordpress
Related
packetstorm
packetstorm
WordPress Masterstudy LMS 3.0.17 Account Creation
2023-10-10 00:00:00
prion
prion
Design/Logic Flaw
2023-09-11 20:15:00
zdt
zdt
githubexploit
githubexploit
Exploit for CVE-2023-4278
2023-09-04 14:16:32
wpvulndb
wpvulndb
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
2023-08-21 00:00:00
cve
cve
CVE-2023-4278
2023-09-11 20:15:11
cvelist
cvelist
wpexploit
wpexploit
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
2023-08-21 00:00:00
exploitdb
exploitdb
wordfence
wordfence
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.087 Low
EPSS
Percentile
94.6%
Related for NVD:CVE-2023-4278