MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.11 – Basic Information Exposure via REST route | CVE 2024-2106 | Plugin Vulnerabilities

Description

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks.

Affects Plugins

masterstudy-lms-learning-management-system

Fixed in 3.2.11

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Hiroho Shimada

Verified

No

WPVDB ID

ac41a969-0e7c-4028-9606-ec0a6ee65ccc

Timeline

Publicly Published

2024-03-06 (about 2 years ago)

Added

2024-03-06 (about 2 years ago)

Last Updated

2024-03-06 (about 2 years ago)

Other

Published

Title

Published

2025-09-22

Title

Envíos Coordinadora Woocommerce <= 1.1.32 - Unauthenticated Sensitive Information Exposure

Published

2026-03-22

Title

ReviewX 2.3.0 - Unauthenticated Sensitive Information Exposure

Published

2024-01-10

Title

WPS Hide Login < 1.9.12 - Hidden Login Page Location Disclosure

Published

2026-04-23

Title

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce < 7.2.2 - Authenticated (Subscriber+) Information Exposure

Published

2024-11-05

Title

Contact Form 7 – Dynamic Text Extension < 4.5.1 - Information Disclosure via Shortcode