Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

On February 25th, 2024, during the second Wordfence Bug Bounty Extravaganza, a submission was received for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by updating user metadata during registration. The next day on February 26th, 2024, and later on March 31st, we also received submissions for a Local File Inclusion vulnerability in the MasterStudy LMS WordPress plugin. This vulnerability makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.

Props to Hiroho Shimada who discovered and responsibly reported these vulnerabilities through the Wordfence Bug Bounty Program. This researcher earned a bounty of $625.00 for the Privilege Escalation and $312.00 for the Local File Inclusion during our Bug Bounty Program Extravaganza.

All Wordfence users are protected against any exploits targeting these vulnerabilities by the Wordfence firewall’s protection.

Wordfence contacted StylemixThemes on March 13, 2024, and received a response on the same day. After providing full disclosure details, the developer released the first patch on March 20, 2024, the second patch on March 27, 2024, and the third patch on April 4, 2024. We would like to commend StylemixThemes for their prompt response and timely patches.

We urge users to update their sites with the latest patched version of MasterStudy LMS, which is version 3.3.4, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2024/04/937-bounty-awarded-for-privilege-escalation-and-local-file-inclusion-vulnerabilities-patched-in-masterstudy-lms-wordpress-plugin

Posted in Updates, Vulnerability.