MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges...

PT-2024-20262 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.1 Description: The issue is due to insufficient validation checks within the register user function called by the 'wp ajax nopriv stm lms register' AJAX action. This allo...

WordPress Plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-20274 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.0 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the modal parameter. This enables the execution of any...

WordPress MasterStudy LMS Plugin <= 3.2.13 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.13 Fixed in 3.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1904 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4939af1093ec Credits Krzysztof Zając Required...

CVE-2024-2106

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

CVE-2024-2106

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

Design/Logic Flaw

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

CVE-2024-2106

CVE-2024-2106 affects MasterStudy LMS WordPress Plugin

CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

WordPress Plugin MasterStudy LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18826 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.2.10 Description: The issue allows unauthenticated attackers to extract sensitive data, including all registered...

WordPress MasterStudy LMS Plugin <= 3.2.10 is vulnerable to Sensitive Data Exposure

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.10 Fixed in 3.2.11 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2106 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 809a15eb7a2b Credits Hiroho Shimada Required...

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.11 - Basic Information Exposure via REST route

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and...

Exploit for SQL Injection in Stylemixthemes Masterstudy_Lms

CVE-2024-1512 Proof of Concept Vulnerability Overview CVE...

WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1512 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e235479f4753 Credits Krzysztof Zając Required privilege Unauthenticat...

CVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

CVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

Sql injection

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

CVE-2024-1512 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...