admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-4278.md

20 lines
954 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-4278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4278)
![](https://img.shields.io/static/v1?label=Product&message=MasterStudy%20LMS%20WordPress%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
### Description
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
### POC
#### Reference
- http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html
Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00
- https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/revan-ar/CVE-2023-4278
Reference in New Issue Copy Permalink