CyberSecurityBoard
Sponsor Register Login

$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations.
The next day on February 26th, 2024, and later on March 31st, we also received submissions for a Local File Inclusion vulnerability in the MasterStudy LMS WordPress plugin.
This researcher earned a bounty of $625.00 for the Privilege Escalation and $312.00 for the Local File Inclusion during our Bug Bounty Program Extravaganza.
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1.
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter.
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter.
MasterStudy LMS is a WordPress plugin, which includes many features, such as user-friendly course builder, and the MasterStudy LMS Pro plugin provides a lot of premium add-ons for the free plugin.
Examining the code reveals that the plugin uses the load modal() function in the STM LMS Helpers class to load the modal template file via AJAX. This function calls the load lms template() in the STM LMS Helpers class.
Since the plugin also uses the file exists() function for file checking, the other popular remote code execution method using wrappers is also not possible.
Php is used for remote code execution, which is also a common attack method for local file inclusion vulnerabilities.
February 25, 2024 - We receive the submission of the Privilege Escalation vulnerability in MasterStudy LMS via the Wordfence Bug Bounty Program.
February 26, 2024 - We receive the submission of the Local File Inclusion via modal vulnerability in MasterStudy LMS via the Wordfence Bug Bounty Program.
February 28, 2024 - We validate the Local File Inclusion via modal vulnerability in MasterStudy LMS report and confirm the proof-of-concept exploit.
March 20, 2024 - The fully patched version for the Local File Inclusion via modal vulnerability of the MasterStudy LMS plugin, 3.3.1, is released.
March 27, 2024 - The fully patched version for the Privilege Escalation vulnerability of the MasterStudy LMS plugin, 3.3.2, is released.
March 31, 2024 - We receive the submission of the Local File Inclusion via template vulnerability in MasterStudy LMS via the Wordfence Bug Bounty Program.
April 1, 2024 - We validate the Local File Inclusion via template vulnerability in MasterStudy LMS report and confirm the proof-of-concept exploit.
April 4, 2024 - The fully patched version for the Local File Inclusion via template vulnerability of the MasterStudy LMS plugin, 3.3.4, is released.
In this blog post, we detailed a Privilege Escalation vulnerability affecting versions 3.3.1 and earlier of the MasterStudy LMS plugin.
We also detailed Local File Inclusion vulnerabilities affecting versions 3.3.3 and earlier of the MasterStudy LMS plugin.


This Cyber News was published on www.wordfence.com. Publication date: Tue, 09 Apr 2024 14:43:05 +0000


Cyber News related to $937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
7 months ago Wordfence.com
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence - In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress ...
8 months ago Wordfence.com
Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
11 months ago Bleepingcomputer.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin - On February 15th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Injection vulnerability in Tutor LMS, a WordPress plugin with more than 80,000+ active installations. Props to Muhammad Hassham ...
8 months ago Wordfence.com
CVE-2023-2813 - All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before ...
1 year ago
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program - Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope. Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning. We're ...
6 months ago Wordfence.com
WordPress Security Research: A Beginner's Series - Over the coming months, this series will be presented through multiple blog posts, each delving into the fundamentals of WordPress's architecture and security mechanisms while featuring real-world examples of vulnerabilities and their exploitation. ...
4 months ago Wordfence.com
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
11 months ago Bleepingcomputer.com
Google Paid Out $10 Million via Bug Bounty Programs in 2023 - Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million. The total paid out ...
8 months ago Securityweek.com
Netflix Paid Out Over $1 Million via Bug Bounty Program - Netflix has paid out more than $1 million for vulnerabilities found in its systems and products since the launch of its bug bounty program in 2016. The streaming giant said on Tuesday that more than 5,600 researchers have contributed to its program ...
5 months ago Packetstormsecurity.com
30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin - On April 10th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Execution vulnerability in Visualizer, a WordPress plugin with more than 30,000 active installations. Props to Krzysztof Zając who ...
6 months ago Wordfence.com
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin - On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability ...
10 months ago Wordfence.com
Google Chrome 120 Released with Patch for 10 Critical Security Flaws - Google has recently released Chrome 120 for Windows, Mac, and Linux. This version of Chrome comes with 10 security patches to ensure a safer browsing experience for its users. The most recent versions of Chrome available to users are 120.0.6099.62 ...
11 months ago Cybersecuritynews.com
Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin - On February 24th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a stored Cross-Site Scripting vulnerability in Contact Form Entries, a WordPress plugin with more than 60,000+ active installations. The vulnerability ...
8 months ago Wordfence.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
8 months ago Bleepingcomputer.com
Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
11 months ago Packetstormsecurity.com
WordPress Request Architecture and Hooks - Before diving into the security features of WordPress, it's critical to understand the underlying request architecture. WordPress is a dynamic system that processes and responds to user requests in various ways, depending on the nature of the request ...
4 months ago Wordfence.com
CVE-2024-2409 - The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the ...
7 months ago
75K+ WordPress Sites Impacted by Critical Plugin Flaws - A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over ...
1 year ago Bleepingcomputer.com
What Is a Privilege Escalation Attack? Types & Prevention - Privilege escalation is a method that threat actors use to increase their access to systems and data that they aren't authorized to see. This guide to privilege escalation attacks covers the two main types, the avenues attackers use, and detection ...
11 months ago Esecurityplanet.com
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack - On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. We immediately notified the WordPress Plugin's Team and they removed the ...
4 months ago Wordfence.com
Poking holes in Google products bagged bug hunters $10M The Register - Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means ...
8 months ago Go.theregister.com
$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information - This vulnerability could be used by authenticated attackers, with authenticated access, to update arbitrary options and leverage that for privilege escalation. Props to Lucio Sá who discovered and responsibly reported this vulnerability through the ...
9 months ago Wordfence.com
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin - The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, ...
1 month ago Wordfence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)