Description
WordPress Plugin MasterStudy LMS-for Online Courses and Education is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin MasterStudy LMS-for Online Courses and Education version 3.3.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.4 or latest
References
Related Vulnerabilities
WordPress Plugin YITH Desktop Notifications for WooCommerce Security Bypass (1.2.7)
WordPress Plugin Campaign URL Builder Cross-Site Request Forgery (1.5.0)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)
WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0)
WordPress Plugin Easy Digital Downloads QR Code Cross-Site Scripting (1.1.0)