Published: 11/09/2023 Updated: 07/11/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The MasterStudy LMS WordPress Plugin WordPress plugin prior to 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
stylemixthemes masterstudy lms

WordPress Masterstudy LMS plugin version 3017 suffers from an unauthenticated instructor account creation vulnerability ...

CVE-2023-4278 Exploit Title: Wordpress Plugin Masterstudy LMS <= 3017 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Vendor Homepage: wordpressorg/plugins/masterstudy-lms-learning-management-system/ Software Link: stylemixthemescom Version: <= 3017 CVE : CVE-2023-4278

Wordpress Plugin Masterstudy LMS <= 3.0.17 - Unauthenticated Instructor Account Creation

CVE-2023-4278 Exploit Title: Wordpress Plugin Masterstudy LMS <= 3017 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Vendor Homepage: wordpressorg/plugins/masterstudy-lms-learning-management-system/ Software Link: stylemixthemescom Version: <= 3017 CVE : CVE-2023-4278

https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235 http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html https://nvd.nist.gov https://github.com/MRCRIMINAL001/EXPOLIT-SCAN https://github.com/revan-ar/CVE-2023-4278 https://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html

CVE-2023-4278

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect