What is CVE-2022-0441?

CVE-2022-0441 is a vulnerability in Masterstudy Lms – Wordpress Plugin, classified under Improper Privilege Management. Published 2022-03-07.

Is CVE-2022-0441 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Masterstudy Lms – Wordpress Plugin

CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

Vulnerability class: Privilege Escalation

EPSS: 0.813 (99.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Masterstudy Lms – Wordpress Plugin — versions 2.7.6

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

References

wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed (x_refsource_MISC)
plugins.trac.wordpress.org/changeset/2667195 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-0441?: CVE-2022-0441 is a vulnerability in Masterstudy Lms – Wordpress Plugin, classified under Improper Privilege Management. Published 2022-03-07.
Is CVE-2022-0441 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.