9.1
CVE-2024-5973
- EPSS 0.49%
- Veröffentlicht 22.07.2024 06:15:02
- Zuletzt bearbeitet 21.11.2024 09:48:40
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.23 - Unauthenticated Limited Privilege Escalation to Instructor
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
Mögliche Gegenmaßnahme
MasterStudy LMS WordPress Plugin – for Online Courses and Education: Update to version 3.3.24, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stylemixthemes ≫ Masterstudy Lms SwPlatformwordpress Version < 3.3.24
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Version
*-3.3.23
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.383 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/
https://www.wordfence.com/threat-intel/vulnerabilities/id/18498171-7db1-4ebb-8fe0-a66d9343cb46