MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

EUVD-2023-39124

Malicious code in bioql PyPI...

EUVD-2023-39127

Malicious code in bioql PyPI...

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian...

CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.3.9 - Missing Authorization

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for...

CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

CVE-2024-2106

CVE-2024-2106 affects MasterStudy LMS WordPress Plugin

CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.11 - Basic Information Exposure via REST route

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and...

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.6 - Unauthenticated SQL Injection

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0...

CVE-2023-50875

CVE-2023-50875 affects the WordPress Sensei LMS plugin (versions

WordPress LMS Plugin – eLearning, Online Courses by Attest Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Software LMS Plugin – eLearning, Online Courses by Attest Type Plugin Vulnerable versions = 1.7.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3780cc3e494d Credits...

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

Improper access control

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35090

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...