Stylemixthemes

Masterstudy Lms

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-37093

  • EPSS 0.17%
  • Veröffentlicht 02.01.2025 12:15:17
  • Zuletzt bearbeitet 22.01.2025 17:41:28

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through 3.2.1.

9.8

CVE-2024-37094

  • EPSS 0.37%
  • Veröffentlicht 01.11.2024 14:15:05
  • Zuletzt bearbeitet 22.01.2025 18:35:39

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.

5.3

CVE-2024-43990

  • EPSS 0.42%
  • Veröffentlicht 25.09.2024 15:15:14
  • Zuletzt bearbeitet 26.09.2024 13:32:02

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.

8.8

CVE-2024-5973

Exploit
  • EPSS 0.86%
  • Veröffentlicht 22.07.2024 06:15:02
  • Zuletzt bearbeitet 21.11.2024 09:48:40

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.

5.4

CVE-2024-3942

  • EPSS 0.08%
  • Veröffentlicht 02.05.2024 17:15:32
  • Zuletzt bearbeitet 21.01.2025 19:56:20

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including,...

9.8

CVE-2024-3136

  • EPSS 49.59%
  • Veröffentlicht 09.04.2024 19:15:39
  • Zuletzt bearbeitet 17.01.2025 19:21:25

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on th...

4.3

CVE-2024-1904

  • EPSS 0.29%
  • Veröffentlicht 09.04.2024 19:15:20
  • Zuletzt bearbeitet 17.01.2025 19:22:36

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, wit...

9.8

CVE-2024-2409

  • EPSS 0.34%
  • Veröffentlicht 29.03.2024 09:15:07
  • Zuletzt bearbeitet 13.02.2025 17:00:33

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_regis...

9.8

CVE-2024-2411

  • EPSS 4.13%
  • Veröffentlicht 29.03.2024 09:15:07
  • Zuletzt bearbeitet 13.02.2025 17:01:09

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the s...

7.5

CVE-2024-2106

  • EPSS 1.88%
  • Veröffentlicht 13.03.2024 16:15:31
  • Zuletzt bearbeitet 22.01.2025 19:48:46

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including ...