Search
Find a vulnerability
Search criteria
4 vulnerabilities found for MasterStudy LMS WordPress Plugin by Unknown
CVE-2024-5973 (GCVE-0-2024-5973)
Vulnerability from nvd – Published: 2024-07-22 06:00 – Updated: 2025-08-27 12:00
VLAI
Title
MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
Summary
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/59abfb7c-d5ea-45… | exploitvdb-entrytechnical-description |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | MasterStudy LMS WordPress Plugin |
Affected:
0 , < 3.3.24
(semver)
|
|
| masterstudy_lms_wordpress_plugin | masterstudy_lms_wordpress_plugin |
Affected:
0 , < 3.3.24
(custom)
cpe:2.3:a:masterstudy_lms_wordpress_plugin:masterstudy_lms_wordpress_plugin:3.3.24:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:masterstudy_lms_wordpress_plugin:masterstudy_lms_wordpress_plugin:3.3.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "masterstudy_lms_wordpress_plugin",
"vendor": "masterstudy_lms_wordpress_plugin",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5973",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T10:50:26.635445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T10:54:51.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MasterStudy LMS WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jaime F. Murillo"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn\u0027t have."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:32.296Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MasterStudy LMS \u003c 3.3.24 - Privilege Escalation to Instructor",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-5973",
"datePublished": "2024-07-22T06:00:05.733Z",
"dateReserved": "2024-06-13T14:59:07.742Z",
"dateUpdated": "2025-08-27T12:00:32.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4278 (GCVE-0-2023-4278)
Vulnerability from nvd – Published: 2023-09-11 19:46 – Updated: 2025-04-23 16:16
VLAI
Title
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Summary
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/cb3173ec-9891-4b… | exploitvdb-entrytechnical-description |
| http://packetstormsecurity.com/files/175007/WordP… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | MasterStudy LMS WordPress Plugin |
Affected:
0 , < 3.0.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:07:59.635969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:16:35.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "MasterStudy LMS WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Revan Arifio"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T16:06:11.729Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235"
},
{
"url": "http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MasterStudy LMS \u003c 3.0.18 - Unauthenticated Instructor Account Creation",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4278",
"datePublished": "2023-09-11T19:46:08.650Z",
"dateReserved": "2023-08-09T18:41:16.088Z",
"dateUpdated": "2025-04-23T16:16:35.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5973 (GCVE-0-2024-5973)
Vulnerability from cvelistv5 – Published: 2024-07-22 06:00 – Updated: 2025-08-27 12:00
VLAI
Title
MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
Summary
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/59abfb7c-d5ea-45… | exploitvdb-entrytechnical-description |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | MasterStudy LMS WordPress Plugin |
Affected:
0 , < 3.3.24
(semver)
|
|
| masterstudy_lms_wordpress_plugin | masterstudy_lms_wordpress_plugin |
Affected:
0 , < 3.3.24
(custom)
cpe:2.3:a:masterstudy_lms_wordpress_plugin:masterstudy_lms_wordpress_plugin:3.3.24:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:masterstudy_lms_wordpress_plugin:masterstudy_lms_wordpress_plugin:3.3.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "masterstudy_lms_wordpress_plugin",
"vendor": "masterstudy_lms_wordpress_plugin",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5973",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T10:50:26.635445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T10:54:51.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MasterStudy LMS WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.3.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jaime F. Murillo"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn\u0027t have."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:32.296Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MasterStudy LMS \u003c 3.3.24 - Privilege Escalation to Instructor",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-5973",
"datePublished": "2024-07-22T06:00:05.733Z",
"dateReserved": "2024-06-13T14:59:07.742Z",
"dateUpdated": "2025-08-27T12:00:32.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4278 (GCVE-0-2023-4278)
Vulnerability from cvelistv5 – Published: 2023-09-11 19:46 – Updated: 2025-04-23 16:16
VLAI
Title
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Summary
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/cb3173ec-9891-4b… | exploitvdb-entrytechnical-description |
| http://packetstormsecurity.com/files/175007/WordP… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | MasterStudy LMS WordPress Plugin |
Affected:
0 , < 3.0.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:07:59.635969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:16:35.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "MasterStudy LMS WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Revan Arifio"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T16:06:11.729Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235"
},
{
"url": "http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MasterStudy LMS \u003c 3.0.18 - Unauthenticated Instructor Account Creation",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4278",
"datePublished": "2023-09-11T19:46:08.650Z",
"dateReserved": "2023-08-09T18:41:16.088Z",
"dateUpdated": "2025-04-23T16:16:35.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}