A high-severity vulnerability has been identified in the WordPress MasterStudy LMS Plugin. This vulnerability could allow a malicious actor with low privileges to escalate their privileges to something higher, such as administrator privileges. This could then allow them to take full control of the website.
This alarming security vulnerability, discovered and reported by Revan Arifio, falls under the category of Privilege Escalation vulnerabilities.
The vulnerability is a Privilege Escalation vulnerability that occurs in the masterstudy-lms.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user input to gain elevated privileges.
The vulnerability has a CVSS 3.1 score of 7.3, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.
The vulnerability affects all versions of the MasterStudy LMS Plugin prior to 3.0.18.
An attacker who successfully exploits this vulnerability could:
- Gain administrator privileges on the website.
- Install malicious plugins or themes.
- Delete or modify files.
- Inject malicious code into the website.
- Take any other action that an administrator could do.
Given the critical nature of this vulnerability, users can take the following steps immediately:
- Update the Plugin: Users of the MasterStudy LMS Plugin are strongly advised to update to the latest available version (at least 3.0.18). This vulnerability has been fixed in version 3.0.18.
- Regular Security Audits: Conduct regular security audits of the WordPress website to identify and address any potential vulnerabilities. This proactive approach helps ensure the ongoing security and integrity of the site.
- Monitor for Official Updates: Stay informed about official updates or advisories related to the MasterStudy LMS Plugin. Promptly apply any patches or fixes released by the plugin’s developers to maintain the highest level of security.