CVE-2024-5973

The MasterStudy LMS WordPress Plugin  WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
stylemixthemesmasterstudy_lms
𝑥
< 3.3.24
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/
https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/