CVE-2024-5973

MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor

CVSS 9.1 CRITICALEPSS 0.5%

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Unknown · MasterStudy LMS WordPress Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/