CVE-2024-1512

CVE-2024-1512 affects the MasterStudy LMS WordPress Plugin, all versions up to 3.2.5. The root cause is insufficient escaping and lack of proper SQL query preparation on the 'user' parameter of the /lms/stm-lms/order/items REST route, enabling union-based SQL injection. This allows unauthenticate...

CVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

WordPress Plugin MasterStudy LMS WordPress Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Masterstudy LMS 3.0.17 Account Creation

Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...

Wordpress Masterstudy LMS Plugin - 3.0.17 - Unauthenticated Instructor Account Creation Exploit

Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| || / / | | |/ / / ...

WordPress MasterStudy LMS Plugin < 3.0.18 is vulnerable to Privilege Escalation

Software MasterStudy LMS Type Plugin Vulnerable versions 3.0.18 Fixed in 3.0.18 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4278 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 7e43b36b9353 Credits Revan...

CVE-2023-4278

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

Design/Logic Flaw

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

CVE-2023-4278

CVE-2023-4278 affects the MasterStudy LMS WordPress Plugin (versions

CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

WordPress plugin MasterStudy LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2023-28583 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS WordPress Plugin versions prior to 3.0.18 Description: The issue allows anyone to register on the site as an instructor due to improper checks during registration. This enables them to add courses and/or posts. Recommendations...

Exploit for CVE-2023-4278

PoC exploit for CVE-2023-4278, an unauthenticated instructor acc...

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...

WordPress MasterStudy LMS Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Software MasterStudy LMS Type Plugin Vulnerable versions = 2.7.9 Fixed in 2.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 876c95417bf3 Credits Rafie Muhammad Patchstack Required...

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

Improper access control

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35090

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...