WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability
Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions < 3.3.24...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
CVE-2024-5973
CVE-2024-5973 affects MasterStudy LMS WordPress Plugin prior to version 3.3.24. The vulnerability is an unauthenticated privilege escalation to instructor, allowing students to create instructor accounts and gain access to restricted functionalities. The issue is fixed in 3.3.24; upgrade to 3.3.2...
WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: < 3.3.24; Fixed in: 3.3.24; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-5973; Patch priority: High; CVSS severity: High 7.6; PSID: 2f024467e854; Credits: Jaime F...
WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MasterStudy LMS versions <= 3.2.12...
WordPress MasterStudy LMS Plugin <= 3.2.12 is vulnerable to Broken Access Control
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.2.12; Fixed in: 3.2.13; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37094; Patch priority: Low; CVSS severity: Low 8.2; PSID: c81a1b1721c6; Credits: Majed Refaea; Required...
WordPress MasterStudy LMS Plugin <= 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37093; Patch priority: Low; CVSS severity: Low 4.3; PSID: baf1167c8e0f; Credits: Majed Refaea...
The vulnerability of the WordPress MasterStudy LMS plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL queries.
The vulnerability of the WordPress MasterStudy LMS content management system’s plugin is related to the lack of verification of the validity of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-3942
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...
CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...
CVE-2024-3942
CVE-2024-3942 affects MasterStudy LMS WordPress Plugin (≤3.3.8): missing capability check enables authenticated users with Subscriber+ to read/modify course content, titles, and taxonomies. Impact: unauthorized data access/modification and data loss. Patch available; update to a fixed version as ...
PT-2024-28487 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.3.8 Description: The issue allows authenticated attackers with subscriber level permissions and above to access,...
WordPress MasterStudy LMS plugin <= 3.3.8 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin MasterStudy LMS versions <= 3.3.8...
WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3942; Patch priority: Low; CVSS severity: Low 6.3; PSID: e8c9ed38d014; Credits: Lucio Sá; Required privilege...
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.3.9 - Missing Authorization
Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for...
CVE-2024-3136
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...
CVE-2024-1904
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...