MasterStudy LMS < 3.0.9 – Subscriber+ Course Category Creation | CVE 2023-35093

Affects Plugins

masterstudy-lms-learning-management-system

Fixed in 3.0.9

References

CVE

CVE-2023-35093

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Rafshanzani Suhada

Verified

No

WPVDB ID

d4aaf211-d17f-441e-a528-0052a440896e

Timeline

Publicly Published

2023-06-15 (about 2 years ago)

Added

2023-06-22 (about 2 years ago)

Last Updated

2023-07-07 (about 2 years ago)

Other

Published

Title

Published

2023-12-27

Title

WooCommerce Easy Duplicate Product < 0.3.0.8 - Missing Authorization via wedp_duplicate_product_action

Published

2025-03-31

Title

ContentMX Content Publisher < 1.0.7 - Missing Authorization

Published

2022-08-25

Title

Event Calendar < 1.4.7 - Unauthenticated Arbitrary Event Deletion

Published

2025-09-26

Title

HivePress Claim Listings <= 1.1.3 - Missing Authorization

Published

2024-11-20

Title

Ultimate Member < 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update