CVE-2023-4278

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

CVSS 7.5 HIGHEPSS 3.5%

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Produtos afetados

Unknown · MasterStudy LMS WordPress Plugin

PoCs públicas encontradas — 4

githubgithub.com/revan-ar/CVE-2023-4278★ 0 cve_referencepacketstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.htmlnão verificado cve_referencewpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235não verificado exploitdbwww.exploit-db.com/exploits/51735não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235