371 matches found
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty Extravaganza...
PT-2024-18410 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...
WordPress Plugin MasterStudy LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-24004 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.3 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the template parameter. This enables the execution of a...
WordPress Plugin MasterStudy LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress MasterStudy LMS plugin <= 3.3.3 - Unauthenticated Local File Inclusion via template vulnerability
Unauthenticated Local File Inclusion via template vulnerability discovered by Hiroho Shimada in WordPress Plugin MasterStudy LMS versions <= 3.3.3...
WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3136; Patch priority: High; CVSS severity: High 9; PSID: 0e613f9f337e; Credits: Hiroho Shimada; Required privilege...
WordPress MasterStudy LMS plugin <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability
Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability discovered by Hiroho Shimada in WordPress Plugin MasterStudy LMS versions <= 3.3.1...
WordPress MasterStudy LMS plugin <= 3.3.0 - Unauthenticated Local File Inclusion via modal vulnerability
Unauthenticated Local File Inclusion via modal vulnerability discovered by Hiroho Shimada in WordPress Plugin MasterStudy LMS versions <= 3.3.0...
WordPress MasterStudy LMS Plugin <= 3.3.0 is vulnerable to Local File Inclusion
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-2411; Patch priority: High; CVSS severity: High 9; PSID: c509d4c43d0b; Credits: Hiroho Shimada; Required privilege...
WordPress MasterStudy LMS Plugin <= 3.3.1 is vulnerable to Privilege Escalation
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-2409; Patch priority: High; CVSS severity: High 9.8; PSID: 8dbe36bee6fd; Credits: Hiroho...
CVE-2024-2411
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...
CVE-2024-2409
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for...
CVE-2024-2411
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...
CVE-2024-2409
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for...
CVE-2024-2411
CVE-2024-2411 affects MasterStudy LMS WordPress plugin (
CVE-2024-2409
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for...
CVE-2024-2409
MasterStudy LMS WordPress Plugin vulnerability overview (CVE-2024-2409): affects versions <= 3.3.1, enabling unauthenticated privilege escalation by abusing the _register_user() flow. The flaw requires MasterStudy LMS Pro with LMS Forms Editor add-on; it allows an attacker to supply arbitrary ...
WordPress Plugin MasterStudy LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...