CVE-2024-37091

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0;...

PT-2024-27290 · Stylemixthemes · Stylemixthemes Consulting Elementor Widgets +1

Name of the Vulnerable Software and Affected Versions: StylemixThemes Consulting Elementor Widgets versions 1.3.0 and earlier StylemixThemes Masterstudy Elementor Widgets versions 1.2.2 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in a...

WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.12...

WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.1...

WordPress MasterStudy LMS Plugin <= 3.2.12 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.12 Fixed in 3.2.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37094 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID c81a1b1721c6 Credits Majed Refaea Required...

WordPress MasterStudy LMS Plugin <= 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.2 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-37093 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID baf1167c8e0f Credits Majed Refaea...

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVE-2024-3942

CVE-2024-3942 affects MasterStudy LMS WordPress Plugin (≤3.3.8): missing capability check enables authenticated users with Subscriber+ to read/modify course content, titles, and taxonomies. Impact: unauthorized data access/modification and data loss. Patch available; update to a fixed version as ...

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-28487 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.3.8 Description: The issue allows authenticated attackers with subscriber level permissions and above to access,...

WordPress MasterStudy LMS plugin <= 3.3.8 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin MasterStudy LMS versions = 3.3.8...

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.3.9 - Missing Authorization

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for...

CVE-2024-3136

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

CVE-2024-1904

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...

CVE-2024-1904

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...

CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...