CVE-2023-4278

moderate-risk
Published 2023-09-11

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

Do I need to act?

!
22.4% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51735
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Stylemixthemes

References (4)

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Acc...
Exploit https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Acc...
Exploit https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
45
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal