Wordfence has reported the successful resolution of significant vulnerabilities in the MasterStudy LMS WordPress plugin, thanks to the diligent efforts of our security researchers and the swift response from the plugin developer. Here’s a summary of the key details:
Vulnerabilities Discovered:
- Privilege Escalation: An unauthenticated attacker could exploit this vulnerability to grant themselves administrative privileges by manipulating user metadata during registration. This flaw affected versions up to 3.3.1 of the MasterStudy LMS plugin.
- Local File Inclusion (LFI): Two instances of LFI vulnerabilities were identified, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server. These vulnerabilities impacted versions up to 3.3.0 and 3.3.3 of the plugin.
Responsible Disclosure and Patching:
- Security researcher, Hiroho Shimada, responsibly reported these vulnerabilities through the Wordfence Bug Bounty Program.
- Upon receiving the reports, we promptly initiated contact with StylemixThemes, the developer of the MasterStudy LMS plugin.
- StylemixThemes responded promptly, acknowledging the reports and swiftly releasing patches to address the vulnerabilities.
- The patches for the Privilege Escalation and LFI vulnerabilities were released in versions 3.3.2 and 3.3.4 of the plugin, respectively.
Recommendations for Users:
- We urge all users of the MasterStudy LMS plugin to update their sites to the latest patched version (3.3.4) promptly to mitigate the risks posed by these vulnerabilities.
- Sharing this advisory with others who use the plugin can help ensure their sites remain secure and protected against potential exploits.