// For flags

CVE-2023-4278

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

El complemento de WordPress MasterStudy LMS WordPress anterior a 3.0.18 no cuenta con controles adecuados durante el registro, lo que permite que cualquiera se registre en el sitio como instructor. Luego pueden agregar cursos y/o publicaciones.

The MasterStudy LMS plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.0.17. This makes it possible for unauthenticated attackers to register on the site as instructors, which would enable them to create courses.

WordPress Masterstudy LMS plugin version 3.0.17 suffers from an unauthenticated instructor account creation vulnerability.

*Credits: Revan Arifio, WPScan
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-08-09 CVE Reserved
  • 2023-08-21 CVE Published
  • 2023-09-04 First Exploit
  • 2024-08-02 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-269: Improper Privilege Management
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Stylemixthemes
Search vendor "Stylemixthemes"
Masterstudy Lms
Search vendor "Stylemixthemes" for product "Masterstudy Lms"
< 3.0.18
Search vendor "Stylemixthemes" for product "Masterstudy Lms" and version " < 3.0.18"
wordpress
Affected