Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-5973 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-08-01 | N/A | 8.8 HIGH |
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | |||||
CVE-2023-35090 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-02-04 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions. | |||||
CVE-2023-35093 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-02-04 | N/A | 6.5 MEDIUM |
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | |||||
CVE-2022-0441 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin |