MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges...

PT-2024-20262 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.1 Description: The issue is due to insufficient validation checks within the register user function called by the 'wp ajax nopriv stm lms register' AJAX action. This allo...