Description

WordPress Plugin MasterStudy LMS-for Online Courses and Education is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin MasterStudy LMS-for Online Courses and Education version 3.2.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.11 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3210-basic-information-exposure-via-rest-route

https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.2.11

Related Vulnerabilities

WordPress Plugin ProPlayer SQL Injection (4.7.9.1)

WordPress Plugin WP Basic Elements Cross-Site Request Forgery (5.2.15)

OpenVPN AS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-33738)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

Python Files or Directories Accessible to External Parties Vulnerability (CVE-2019-13404)

Severity

High

Classification

CVE-2024-2106 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure