Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...

CVE-2023-35093

CVE-2023-35093 affects StylemixThemes MasterStudy LMS WordPress Plugin (

CVE-2023-35093 WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35093 WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35090 WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...

CVE-2023-35090

CVE-2023-35090 is a Stored XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin for Online Courses and Education, with affected versions cited as &lt;= 3.0.7 (NVD) and

PT-2023-25139 · Stylemixthemes · Stylemixthemes Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin versions prior to 3.0.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or highe...

WordPress Plugin MasterStudy LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Plugin StylemixThemes MasterStudy LMS WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin StylemixThemes...

WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35093 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fe9a14774ad1 Credits Rafshanzani Suhada...

WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35090 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10f578002fee Credits Rafshanzani Suhada...

Exploit for Improper Privilege Management in Stylemixthemes Masterstudy_Lms

!imagehttps://github.com/tegal1337/CVE-2022-0441/assets/31664...

WordPress MasterStudy LMS Plugin <= 2.9.34 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 2.9.34 Fixed in 2.9.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 3b63e4d1bbd6 Credits Unknown Required privilege...

WordPress MasterStudy LMS Plugin Privilege Escalation (CVE-2022-0441)

A privilege escalation exists in WordPress MasterStudy LMS plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

Wordpress MasterStudy Admin Account Creation

MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege escalation where an unauthenticated user is able to create an administrator account for wordpress itself. Module Options msf use auxiliary/admin/http/wpmasterstudyprivesc msf auxiliarywpmasterstudyprivesc show actions...

CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

Design/Logic Flaw

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

CVE-2022-0441 MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

CVE-2022-0441

CVE-2022-0441 concerns the WordPress plugin MasterStudy LMS (versions before 2.7.6). The issue stems from improper validation of parameters during account registration, enabling an unauthenticated user to register as an administrator and potentially access sensitive information or modify data. Th...