CVE-2023-4278

HIGH

MasterStudy LMS <3.0.18 - Info Disclosure

Title source: llm

Description

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

Exploits (2)

exploitdb WORKING POC

by Revan Arifio · pythonwebappsphp

https://www.exploit-db.com/exploits/51735

View Code ZIP pw:eip

nomisec WORKING POC

by revan-ar · poc

https://github.com/revan-ar/CVE-2023-4278

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235

Scores

CVSS v3 7.5

EPSS 0.1935

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (1)

stylemixthemes/masterstudy_lms < 3.0.18

Published Sep 11, 2023

Tracked Since Feb 18, 2026