CVE-2023-4278

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

CVSS 7.5 HIGHEPSS 3.5%

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Productos afectados

Unknown · MasterStudy LMS WordPress Plugin

PoCs públicas encontradas — 4

githubgithub.com/revan-ar/CVE-2023-4278★ 0 cve_referencepacketstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.htmlno verificado cve_referencewpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235no verificado exploitdbwww.exploit-db.com/exploits/51735no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235