CVE-2024-2106 Vulnerability Details

  /     /     /  

CVE-2024-2106 Metadata Quick Info

CVE Published: 13/03/2024 | CVE Updated: 28/08/2024 | CVE Year: 2024
Source: Wordfence | Vendor: stylemix | Product: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Status : PUBLISHED

---

CVE-2024-2106 Description

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user\'s username and email addresses which can be used to help perform future attacks.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-200 Information Exposure
Source: stylemix

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).