CVE-2024-3942

{"id": "CVE-2024-3942", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-02T17:15:32.750", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3078394/", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3078394/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies."}, {"lang": "es", "value": "El complemento MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en varias funciones en versiones hasta la 3.3.8 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superior, lean y modifiquen contenido como preguntas de cursos, t\u00edtulos de publicaciones y taxonom\u00edas."}], "lastModified": "2025-01-21T19:56:20.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "56E38771-024D-4557-AB80-3402461290BE", "versionEndExcluding": "3.3.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}