Skip to content

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

Notifications You must be signed in to change notification settings

tegal1337/CVE-2022-0441

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

image

A vulnerability classified as critical was found in MasterStudy LMS Plugin up to 2.7.5 on WordPress (WordPress Plugin). This vulnerability affects an unknown part of the component New Account Handler. The manipulation with an unknown input leads to a privileges management vulnerability. The CWE definition for the vulnerability is CWE-269. The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was disclosed 03/07/2022 as 2667195. The advisory is available at wpscan.com. This vulnerability was named CVE-2022-0441 since 02/01/2022. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

Upgrading to version 2.7.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org. The best possible mitigation is suggested to be upgrading to the latest version.

Usage

git clona https://github.com/tegal1337/CVE-2022-0441
cd CVE-2022-0441
npm install
node index.js https://targeturl.com

Refference

https://vuldb.com/?id.194302

https://nvd.nist.gov/vuln/detail/cve-2022-0441

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0441

About

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published