CVE-2022-0441

This PoC exploits CVE-2022-0441, an unauthenticated admin account creation vulnerability in WordPress Plugin MasterStudy LMS versions <2.7.6. It automates the process of creating an admin account by leveraging a nonced AJAX endpoint.

This exploit PoC demonstrates an authentication bypass vulnerability in the MasterStudy LMS plugin for WordPress, allowing an attacker to register an administrator account by manipulating the 'wp_capabilities' field during registration.

This PoC exploits a privilege escalation vulnerability in MasterStudy LMS Plugin (CVE-2022-0441) by manipulating the 'wp_capabilities' field during registration to grant administrator privileges. It sends a crafted POST request to the WordPress admin-ajax.php endpoint with a hardcoded nonce value.

This repository contains a Python script that checks for vulnerable versions of the MasterStudy LMS Learning Management System plugin by fetching the readme.txt file and comparing the version number. It is a scanner rather than an exploit, as it does not perform any offensive actions beyond version detection.

This exploit demonstrates an unauthenticated admin account creation vulnerability in WordPress Plugin MasterStudy LMS versions <2.7.6. It sends a crafted POST request to the admin-ajax.php endpoint with a JSON payload that includes administrator capabilities, bypassing normal registration restrictions.

This Metasploit module exploits a privilege escalation vulnerability in MasterStudy LMS WordPress plugin (CVE-2022-0441) to create an administrator account without authentication.