CVE-2024-2106

Sažetak

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks.

Reference

https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php
https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php
https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve
https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php
https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php
https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

22-01-2025 - 19:48

Objavljeno

13-03-2024 - 16:15