CVE-2023-4278

Published: Sep 11, 2023Modified: Apr 23, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

Affected (1)

Products: Stylemixthemes: Masterstudy Lms

Stylemixthemes

1 product

Masterstudy Lms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stylemixthemes Masterstudy Lms	Before 3.0.18

References (4)

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html

Source: contact@wpscan.com

https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235

Source: contact@wpscan.com

ExploitThird Party Advisory

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.