CVE-2024-1512
- EPSS 93.78%
- Veröffentlicht 17.02.2024 08:15:08
- Zuletzt bearbeitet 18.12.2024 17:23:15
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 du...
CVE-2023-4278
- EPSS 21.28%
- Veröffentlicht 11.09.2023 20:15:11
- Zuletzt bearbeitet 23.04.2025 17:16:42
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
CVE-2023-35093
- EPSS 0.22%
- Veröffentlicht 22.06.2023 12:15:12
- Zuletzt bearbeitet 21.11.2024 08:07:57
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data rel...
CVE-2023-35090
- EPSS 0.08%
- Veröffentlicht 22.06.2023 11:15:09
- Zuletzt bearbeitet 21.11.2024 08:07:57
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.
CVE-2022-0441
- EPSS 81.35%
- Veröffentlicht 07.03.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 06:38:37
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin