233 matches found
CVE-2024-2106
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...
Design/Logic Flaw
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...
CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...
CVE-2024-2106
CVE-2024-2106 affects MasterStudy LMS WordPress Plugin
WordPress MasterStudy LMS Plugin <= 3.2.10 is vulnerable to Sensitive Data Exposure
Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.10 Fixed in 3.2.11 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2106 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 809a15eb7a2b Credits Hiroho Shimada Required...
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.11 - Basic Information Exposure via REST route
Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and...
Exploit for SQL Injection in Stylemixthemes Masterstudy_Lms
CVE-2024-1512 Proof of Concept Vulnerability Overview CVE...
WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection
Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1512 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e235479f4753 Credits Krzysztof Zając Required privilege Unauthenticat...
CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
Sql injection
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
CVE-2024-1512 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
WordPress Masterstudy LMS 3.0.17 Account Creation
Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...
WordPress MasterStudy LMS Plugin < 3.0.18 is vulnerable to Privilege Escalation
Software MasterStudy LMS Type Plugin Vulnerable versions 3.0.18 Fixed in 3.0.18 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4278 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 7e43b36b9353 Credits Revan...
Design/Logic Flaw
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...
CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...
CVE-2023-4278
CVE-2023-4278 affects the MasterStudy LMS WordPress Plugin (versions
CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...
PT-2023-28583 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS WordPress Plugin versions prior to 3.0.18 Description: The issue allows anyone to register on the site as an instructor due to improper checks during registration. This enables them to add courses and/or posts. Recommendations...