{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-3942", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-17T22:36:21.536Z", "datePublished": "2024-05-02T16:52:11.285Z", "dateUpdated": "2026-04-08T16:57:40.453Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:40.453Z"}, "affected": [{"vendor": "stylemix", "product": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies."}], "title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.3.8 - Missing Authorization", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3078394/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-04-29T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T16:01:54.618384Z", "id": "CVE-2024-3942", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:02:05.835Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3078394/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3078394/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.163Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T16:01:54.618384Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:02:02.885Z"}}], "cna": {"title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.3.8 - Missing Authorization", "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "stylemix", "product": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-29T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3078394/"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:40.453Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3942", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:57:40.453Z", "dateReserved": "2024-04-17T22:36:21.536Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:52:11.285Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "56E38771-024D-4557-AB80-3402461290BE", "versionEndExcluding": "3.3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies."}, {"lang": "es", "value": "El complemento MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en varias funciones en versiones hasta la 3.3.8 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superior, lean y modifiquen contenido como preguntas de cursos, t\u00edtulos de publicaciones y taxonom\u00edas."}], "id": "CVE-2024-3942", "lastModified": "2026-04-08T18:21:37.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-02T17:15:32.750", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/3078394/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/3078394/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}