CVE-2023-4278

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

CVSS 7.5 HIGHEPSS 3.5%

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Unknown · MasterStudy LMS WordPress Plugin

public PoCs found — 4

githubgithub.com/revan-ar/CVE-2023-4278★ 0 cve_referencepacketstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.htmlunverified cve_referencewpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235unverified exploitdbwww.exploit-db.com/exploits/51735unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235