wpvulndb
WPVDB-ID: 8407F428-12E7-4549-AA65-A241B7BDCA41
History: Apr 11, 2024 - 12:00 a.m.

Masteriyo - LMS < 1.7.3 - Unauthenticated Privilege Escalation

2024-04-11 00:00:00
wpscan.com
masteriyo lms
elearning
wordpress
privilege escalation
unauthenticated attackers

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_logged_in_user() function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

CPE | Name | Operator | Version
 | | eq | 1.7.3
