CVE-2024-2106: Infoleak
First published: Wed Mar 13 2024(Updated: )
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MasterStudy LMS plugin for WordPress | <=3.2.10 | |
| MasterStudy LMS WordPress Plugin | <3.2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php
- https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php
- https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve
- agent/author
- agent/references
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/first-publish-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/stylemixthemes
- canonical/masterstudy lms wordpress plugin