[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgEAksAixJv8WulcE7WItVhKhkKAUjWACxUvejVEpiqk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-5973","masterstudy-lms-wordpress-plugin-for-online-courses-and-education-unauthenticated-limited-privilege-escalation-to-instru","MasterStudy LMS WordPress Plugin – for Online Courses and Education \u003C= 3.3.23 - Unauthenticated Limited Privilege Escalation to Instructor","The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.23. This is due to insufficient role restrictions when registering through the stm_lms_register AJAX endpoint. This makes it possible for unauthenticated attackers to register on sites with Instructor level access.","masterstudy-lms-learning-management-system",null,"\u003C=3.3.23","3.3.24","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Improper Privilege Management","2024-07-01 00:00:00","2024-08-09 20:35:22",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F18498171-7db1-4ebb-8fe0-a66d9343cb46?source=api-prod",40]