cleantalk
Vulnerabilities and Security Researches

MasterStudy LMS WordPress Plugin – for Online Courses and Education, CVE-2024-1904

CVE, Research URL

CVE-2024-1904

Home page URL

Security reports for MasterStudy LMS WordPress Plugin – for Online Courses and Education

Application

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Published on
Apr 10, 2024
Research Description
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
Affected versions
Min -, max 3.3.0.
Status
vulnerable
Previous vulnerability researches
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-32141) , Apr 05, 2025
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-32237) , Apr 05, 2025
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2024-37093) , Jun 24, 2024
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2024-37094) , Jun 24, 2024
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2022-0441) , Jun 07, 2024
New vulnerability
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025
Widgetize Pages Light (CVE-2025-32117) , Apr 09, 2025