MasterStudy LMS < 3.3.2 – Unauthenticated Privilege Escalation | CVE 2024-2409 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.

Affects Plugins

masterstudy-lms-learning-management-system

Fixed in 3.3.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Hiroho Shimada

Verified

No

WPVDB ID

4e59f1ed-6231-4245-ac61-faa7b2063791

Timeline

Publicly Published

2024-03-28 (about 2 years ago)

Added

2024-03-29 (about 2 years ago)

Last Updated

2024-03-29 (about 2 years ago)

Other

Published

Title

Published

2023-06-19

Title

Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update

Published

2025-05-30

Title

PSW Front-end Login & Registration <= 1.12 - Unauthenticated Account Takeover/Privilege Escalation

Published

2025-05-12

Title

Frontend Dashboard 1.0 - 2.2.7 - Subscriber+ Privilege Escalation via fed_admin_setting_form_function Function

Published

2018-09-06

Title

wpForo < 1.5.2 - Privilege Escalation

Published

2025-09-23

Title

Goodlayers Core < 2.1.7 - Authenticated (Contributor+) Privilege Escalation