CVE-2024-5973

EUVD-2024-47094
The MasterStudy LMS WordPress Plugin  WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
stylemixthemesmasterstudy_lms
𝑥
< 3.3.24
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
masterstudy_lms_wordpress_pluginmasterstudy_lms_wordpress_plugin
𝑥
< 3.3.24
ADP
References
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/