Medium severity4.3NVD Advisory· Published Apr 9, 2024· Updated Apr 8, 2026
CVE-2024-1904
CVE-2024-1904
Description
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*Range: <3.3.0
- Range: <=3.2.13
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.