CVE-2024-2409 - Vulnerability Details - OpenCVE

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Stylemixthemes	Masterstudy Lms

Configuration 1 [-]

cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2
https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system
https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve

History

Thu, 13 Feb 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Stylemixthemes Stylemixthemes masterstudy Lms
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:stylemixthemes:masterstudy_lms::::::wordpress::*
Vendors & Products		Stylemixthemes Stylemixthemes masterstudy Lms

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-03-29T08:31:29.816Z

Updated: 2024-08-08T18:34:51.364Z

Reserved: 2024-03-12T21:35:10.961Z

Link: CVE-2024-2409

Vulnrichment

Updated: 2024-08-01T19:11:53.476Z

NVD

Status : Analyzed

Published: 2024-03-29T09:15:07.733

Modified: 2025-02-13T17:00:33.790

Link: CVE-2024-2409

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2409", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-03-12T21:35:10.961Z", "datePublished": "2024-03-29T08:31:29.816Z", "dateUpdated": "2024-08-08T18:34:51.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-29T08:31:29.816Z"}, "affected": [{"vendor": "stylemix", "product": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"}, {"url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Hiroho Shimada"}], "timeline": [{"time": "2024-03-13T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-03-28T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.476Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve", "tags": ["x_transferred"]}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "stylemixthemes", "product": "masterstudy_lms", "cpes": ["cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.3.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T18:33:47.419360Z", "id": "CVE-2024-2409", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:34:51.364Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2409", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-03-12T21:35:10.961Z", "datePublished": "2024-03-29T08:31:29.816Z", "dateUpdated": "2024-08-08T18:34:51.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-29T08:31:29.816Z"}, "affected": [{"vendor": "stylemix", "product": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"}, {"url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Hiroho Shimada"}], "timeline": [{"time": "2024-03-13T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-03-28T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.476Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve", "tags": ["x_transferred"]}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2409", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-08T18:33:47.419360Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:*:*:*"], "vendor": "stylemixthemes", "product": "masterstudy_lms", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.2", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:34:42.080Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "475BCFD5-F33A-4EE6-85EC-42B03D2A0431", "versionEndExcluding": "3.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled."}, {"lang": "es", "value": "El complemento MasterStudy LMS para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 3.3.1 incluida. Esto se debe a comprobaciones de validaci\u00f3n insuficientes dentro de la funci\u00f3n _register_user() llamada por la acci\u00f3n AJAX 'wp_ajax_nopriv_stm_lms_register'. Esto hace posible que atacantes no autenticados registren un usuario con privilegios de nivel de administrador cuando MasterStudy LMS Pro est\u00e1 instalado y el complemento LMS Forms Editor est\u00e1 habilitado."}], "id": "CVE-2024-2409", "lastModified": "2025-02-13T17:00:33.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-03-29T09:15:07.733", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Release Notes"], "url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}