CVE-2024-2409

MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.

El complemento MasterStudy LMS para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 3.3.1 incluida. Esto se debe a comprobaciones de validación insuficientes dentro de la función _register_user() llamada por la acción AJAX 'wp_ajax_nopriv_stm_lms_register'. Esto hace posible que atacantes no autenticados registren un usuario con privilegios de nivel de administrador cuando MasterStudy LMS Pro está instalado y el complemento LMS Forms Editor está habilitado.

*Credits: Hiroho Shimada

CVSS Scores

Wordfencev3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-25 First Exploit
2024-03-12 CVE Reserved
2024-03-28 CVE Published
2024-03-30 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-266: Incorrect Privilege Assignment

CAPEC

References (11)

URL	Tag	Source
https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2
https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system
https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve

URL	Date	SRC
https://github.com/ASR511-OO7/CVE-2024-24095	2024-02-25
https://github.com/ASR511-OO7/CVE-2024-24099	2024-02-25
https://github.com/ASR511-OO7/CVE-2024-24098	2024-03-02
https://github.com/ASR511-OO7/CVE-2024-24092	2024-03-06
https://github.com/ASR511-OO7/CVE-2024-24096	2024-02-25
https://github.com/ASR511-OO7/CVE-2024-24097	2024-03-06
https://github.com/ASR511-OO7/CVE-2024-24093	2024-03-06
https://github.com/ASR511-OO7/CVE-2024-24094	2024-03-06

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Stylemix Search vendor "Stylemix"		MasterStudy LMS WordPress Plugin – For Online Courses And Education Search vendor "Stylemix" for product "MasterStudy LMS WordPress Plugin – For Online Courses And Education"				<= 3.3.1 Search vendor "Stylemix" for product "MasterStudy LMS WordPress Plugin – For Online Courses And Education" and version " <= 3.3.1"		en		Affected