Unauthenticated Privilege Escalation Vulnerability in MasterStudy LMS Plugin
CVE-2024-2409

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Masterstudy Lms WordPress Plugin – For Online Courses And Education
Vendor: CVE Published:; 29 March 2024

Summary

The MasterStudy LMS plugin for WordPress exhibits a vulnerability that allows unauthenticated attackers to escalate privileges, particularly gaining administrator-level access through the _register_user() function linked with the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This occurs due to inadequate validation checks present in all versions prior to 3.3.2. When the LMS Forms Editor add-on is enabled, this flaw enables malicious actors to exploit the system and register themselves or others with elevated permissions, posing serious security risks to any website utilizing this plugin. Website administrators are urged to update to the latest version and review their security configurations.

Affected Version(s)

MasterStudy LMS WordPress Plugin – for Online Courses and Education * <= 3.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://docs.stylemixthemes.com/masterstudy-lms/changelog...

https://plugins.trac.wordpress.org/changeset/3059676/mast...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 12, 2024

Credit

Hiroho Shimada