CVE-2022-0441

CRITICAL EXPLOITED NUCLEI

MasterStudy LMS <2.7.6 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-0441 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including numan türle, biulove0x, tegal1337, including a Metasploit module auxiliary/admin/http/wp_masterstudy_privesc. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated admin account creation vulnerability in WordPress Plugin MasterStudy LMS versions <2.7.6. It sends a crafted POST request to the admin-ajax.php endpoint with a JSON payload that includes administrator capabilities, bypassing normal registration restrictions.

Description

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

Exploits (6)

exploitdb WORKING POC
by numan türle · textwebappsphp
https://www.exploit-db.com/exploits/50752

This exploit demonstrates an unauthenticated admin account creation vulnerability in WordPress Plugin MasterStudy LMS versions <2.7.6. It sends a crafted POST request to the admin-ajax.php endpoint with a JSON payload that includes administrator capabilities, bypassing normal registration restrictions.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin MasterStudy LMS <2.7.6
No auth needed
Prerequisites: Access to the target WordPress site's admin-ajax.php endpoint · Valid nonce value
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by biulove0x · poc
https://github.com/biulove0x/CVE-2022-0441

This PoC exploits CVE-2022-0441, an unauthenticated admin account creation vulnerability in WordPress Plugin MasterStudy LMS versions <2.7.6. It automates the process of creating an admin account by leveraging a nonced AJAX endpoint.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin MasterStudy LMS <2.7.6
No auth needed
Prerequisites: Target must have MasterStudy LMS plugin version <2.7.6 installed · WordPress site must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by tegal1337 · remote
https://github.com/tegal1337/CVE-2022-0441

This PoC exploits a privilege escalation vulnerability in MasterStudy LMS Plugin (CVE-2022-0441) by manipulating the 'wp_capabilities' field during registration to grant administrator privileges. It sends a crafted POST request to the WordPress admin-ajax.php endpoint with a hardcoded nonce value.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MasterStudy LMS Plugin up to 2.7.5 on WordPress
No auth needed
Prerequisites: Target WordPress site with vulnerable MasterStudy LMS Plugin · Valid nonce value (hardcoded in PoC)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by SDragon1205 · remote
https://github.com/SDragon1205/cve-2022-0441

This exploit PoC demonstrates an authentication bypass vulnerability in the MasterStudy LMS plugin for WordPress, allowing an attacker to register an administrator account by manipulating the 'wp_capabilities' field during registration.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MasterStudy LMS Plugin for WordPress (versions affected by CVE-2022-0441)
No auth needed
Prerequisites: Target must have the vulnerable MasterStudy LMS plugin installed and active · AJAX endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by kyukazamiqq · infoleak
https://github.com/kyukazamiqq/CVE-2022-0441

This repository contains a Python script that checks for vulnerable versions of the MasterStudy LMS Learning Management System plugin by fetching the readme.txt file and comparing the version number. It is a scanner rather than an exploit, as it does not perform any offensive actions beyond version detection.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MasterStudy LMS Learning Management System < 2.7.6
No auth needed
Prerequisites: List of target URLs in a file named 'lms.txt'
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by h00die, Numan Türle · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_masterstudy_privesc.rb

This Metasploit module exploits a privilege escalation vulnerability in MasterStudy LMS WordPress plugin (CVE-2022-0441) to create an administrator account without authentication.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MasterStudy LMS WordPress plugin < 2.7.6
No auth needed
Prerequisites: WordPress site with vulnerable MasterStudy LMS plugin
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

MasterStudy LMS <2.7.6 - Improper Access Control
CRITICALVERIFIEDby dwisiswant0,theamanrawat

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2667195

Scores

CVSS v3 9.8
EPSS 0.8135
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-02-01
CWE
CWE-269
Status published
Products (1)
stylemixthemes/masterstudy_lms < 2.7.6
Published Mar 07, 2022
Tracked Since Feb 18, 2026