CVE-2024-5973

EUVD-2024-47094
The MasterStudy LMS WordPress Plugin  WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
stylemixthemesmasterstudy_lms
𝑥
< 3.3.24
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/