WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Theme Masterstudy LMS Starter versions = 1.1.8...

WordPress Masterstudy LMS Starter Theme <= 1.1.8 is vulnerable to Sensitive Data Exposure

Software Masterstudy LMS Starter Type Theme Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43990 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 36d1f32aa077 Credits Peng Zhou Required...

WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability

Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions 3.3.24...

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

CVE-2024-5973 MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

CVE-2024-5973

CVE-2024-5973 affects MasterStudy LMS WordPress Plugin prior to version 3.3.24. The vulnerability is an unauthenticated privilege escalation to instructor, allowing students to create instructor accounts and gain access to restricted functionalities. The issue is fixed in 3.3.24; upgrade to 3.3.2...

WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation

Software MasterStudy LMS Type Plugin Vulnerable versions 3.3.24 Fixed in 3.3.24 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-5973 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 2f024467e854 Credits Jaime F...

PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...

CVE-2024-37090

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...

CVE-2024-37090

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...

CVE-2024-37090

CVE-2024-37090 is a SQL Injection vulnerability in StylemixThemes Masterstudy Elementor Widgets and Consulting Elementor Widgets. Exploitation involves improper neutralization of SQL elements, affecting Masterstudy Widgets up to 1.2.2 and Consulting Widgets up to 1.3.0. Wordfence and CVE records ...

CVE-2024-37090 SQL Injection vulnerability in multiple StylemixThemes premium themes

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...

CVE-2024-37090 SQL Injection vulnerability in multiple StylemixThemes premium themes

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...

WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions = 1.2.2...

WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions = 1.2.2...

WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions = 1.2.2...

WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)

Software Masterstudy Elementor Widgets Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-37091 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID c3068c566a95 Credits Rafie Muhammad...

WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to SQL Injection

Software Masterstudy Elementor Widgets Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37090 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID dd25952357f4 Credits Rafie Muhammad Patchstack Required...