7.5
CVE-2023-4278
- EPSS 3.5%
- Veröffentlicht 11.09.2023 20:15:11
- Zuletzt bearbeitet 23.04.2025 17:16:42
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
MasterStudy LMS <= 3.0.17 - Privilege Escalation
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Mögliche Gegenmaßnahme
MasterStudy LMS WordPress Plugin – for Online Courses and Education: Update to version 3.0.18, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stylemixthemes ≫ Masterstudy Lms SwPlatformwordpress Version < 3.0.18
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Version
*-3.0.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.5% | 0.876 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html
https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
https://www.wordfence.com/threat-intel/vulnerabilities/id/df00c8bc-8acd-4197-86fe-b88cb47d52c3