exploitDog

CVE-2023-4278

Опубликовано: 11 сент. 2023

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

Ссылки

http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html
https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html
https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*

Версия до 3.0.18 (исключая)

EPSS

Процентиль: 95%

0.18992

Средний

7.5 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-522j-v5mv-h6mw

CVSS3: 7.5

github

больше 2 лет назад

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

EPSS

Процентиль: 95%

0.18992

Средний

7.5 High

CVSS3

Дефекты