CVE-2023-4278
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
El complemento de WordPress MasterStudy LMS WordPress anterior a 3.0.18 no cuenta con controles adecuados durante el registro, lo que permite que cualquiera se registre en el sitio como instructor. Luego pueden agregar cursos y/o publicaciones.
The MasterStudy LMS plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.0.17. This makes it possible for unauthenticated attackers to register on the site as instructors, which would enable them to create courses.
WordPress Masterstudy LMS plugin version 3.0.17 suffers from an unauthenticated instructor account creation vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-09 CVE Reserved
- 2023-08-21 CVE Published
- 2023-09-04 First Exploit
- 2024-08-02 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51735 | 2023-10-09 | |
https://github.com/revan-ar/CVE-2023-4278 | 2023-09-04 | |
https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Stylemixthemes Search vendor "Stylemixthemes" | Masterstudy Lms Search vendor "Stylemixthemes" for product "Masterstudy Lms" | < 3.0.18 Search vendor "Stylemixthemes" for product "Masterstudy Lms" and version " < 3.0.18" | wordpress |
Affected
|