Critical severity9.8NVD Advisory· Published Mar 29, 2024· Updated Apr 8, 2026
CVE-2024-2409
CVE-2024-2409
Description
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*Range: <3.3.2
- Range: <=3.3.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.