WordPress Plugin Vulnerabilities

Masteriyo LMS < 1.13.4 - Subscriber+ Privilege Escalation

Description

The plugin is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.

Proof of Concept

Affects Plugins

Plugin icon
learning-management-system
Fixed in 1.13.4

References

CVE
CVE-2024-10008
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c54166e-2af2-409d-8c67-9c07f2028543

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
floerer
Verified
Yes
WPVDB ID
3a9ef6f7-3ea5-4329-b23d-71f5de8eac1e

Timeline

Publicly Published
2024-10-28 (about 1 year ago)
Added
2024-10-28 (about 1 year ago)
Last Updated
2026-05-25 (about 10 hours ago)

Other

Published
Title
Published
2024-07-22
Title
Language Translate Widget for WordPress – ConveyThis < 235 - Missing Authorization to Limited Option Update
Published
2024-08-28
Title
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free < 3.7.4.1 - Missing Authorization to Unauthenticated Arbitrary Media Deletion
Published
2025-04-01
Title
WP Simple HTML Sitemap < 3.6 - Missing Authorization
Published
2025-03-04
Title
JNews - WordPress Newspaper Magazine Blog AMP Theme < 11.6.7 - Unauthorized User Registration
Published
2025-01-24
Title
People Lists < 2.0.0 - Missing Authorization