CVE-2023-4278
Published: 2023-09-11
Priority P3 (54) · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 3.50% (87.7th percentile)
The MasterStudy LMS WordPress plugin before 3.0.18 does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemixthemes | masterstudy_lms | < 3.0.18 | 3.0.18 |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /wp-admin/admin-ajax.php with action=stm_lms_register containing the 'become_instructor' field set to true, which indicates an unauthenticated instructor privilege escalation attempt.
- Detect GET requests to /user-public-account followed by extraction of the 'stm_lms_register' nonce value, which is the first stage of the exploit chain.
- Flag unauthenticated GET requests to /wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt, used by attackers to fingerprint vulnerable plugin versions (< 3.0.18).
- Use the Google Dork 'inurl:/user-public-account' to identify potentially exposed MasterStudy LMS registration pages that may be targeted by this exploit.
- Alert on newly created WordPress user accounts with the instructor role that were registered via the stm_lms_register AJAX action, especially when 'become_instructor' is true in the JSON body.
- The exploit targets plugin versions strictly below 3.0.18. Version detection via the readme.txt file is used to confirm vulnerability; patched sites running 3.0.18 or later are not affected.
- The nonce required for exploitation is publicly retrievable from the unauthenticated /user-public-account page, meaning no prior authentication or credentials are needed to launch the attack.
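The request-level indicators above can be combined into one per-client correlation. The following is an added example, not a rule from the sources or the plugin project; the log record fields (`ip`, `method`, `url`, `body`) are assumptions about a request log that also captures POST bodies, and it assumes `action` is carried in the query string.

```python
import json
from urllib.parse import urlsplit, parse_qs

README = "/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt"
# Constructed sample records (not real traffic). Field names are assumptions
# about a request log that also captures the POST body, e.g. from a WAF.
SAMPLE_LOG = [
    {"ip": "203.0.113.7", "method": "GET", "url": README, "body": ""},
    {"ip": "203.0.113.7", "method": "GET", "url": "/user-public-account", "body": ""},
    {"ip": "203.0.113.7", "method": "POST",
     "url": "/wp-admin/admin-ajax.php?action=stm_lms_register",
     "body": '{"user_login": "x", "become_instructor": true}'},
    {"ip": "198.51.100.20", "method": "POST",
     "url": "/wp-admin/admin-ajax.php?action=stm_lms_register",
     "body": '{"user_login": "student1", "become_instructor": false}'},
]

def classify(rec):
    """Map one request to an indicator tag from the list above, or None."""
    parts = urlsplit(rec["url"])
    path = parts.path.rstrip("/")
    if rec["method"] == "GET" and path == README:
        return "fingerprint"          # version check via readme.txt
    if rec["method"] == "GET" and path == "/user-public-account":
        return "nonce_page"           # page that exposes the register nonce
    if rec["method"] != "POST" or path != "/wp-admin/admin-ajax.php":
        return None
    if "stm_lms_register" not in parse_qs(parts.query).get("action", []):
        return None
    try:
        body = json.loads(rec["body"] or "{}")
    except ValueError:
        return None                   # unparsable body: nothing to match on
    flag = body.get("become_instructor") if isinstance(body, dict) else None
    if str(flag).lower() in ("true", "1"):
        return "instructor_register"
    return None

def detect(records):
    """Alert on instructor registrations; raise severity if the nonce page came first."""
    seen, alerts = {}, []
    for rec in records:
        tag = classify(rec)
        if tag is None:
            continue
        stages = seen.setdefault(rec["ip"], [])
        if tag == "instructor_register":
            severity = "high" if "nonce_page" in stages else "medium"
            alerts.append({"ip": rec["ip"], "severity": severity, "prior": list(stages)})
        stages.append(tag)
    return alerts
```

Visits to /user-public-account alone are ordinary traffic, so the sketch only alerts on the registration request and uses earlier stages to rank it; each alert should be cross-checked against newly created accounts holding the instructor role.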
- http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html
- https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235