Descrição
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the ‘wp_ajax_nopriv_stm_lms_register’ AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-2409
Tags
Nâo informado
Data de publicação
29/03/2024
Última atualização
14/02/2025
Pontuação em CVSS 3.0
9.8
Crítico