Cyber Resilience

CVE-2023-4278

High · Public PoC

Published: 11 September 2023

Modified: 23 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.2136 (95.8th percentile)
Risk Priority: 28 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4278 is a high-severity vulnerability, with no weakness type specified, in Stylemixthemes MasterStudy LMS. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 4.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The MasterStudy LMS WordPress plugin before version 3.0.18 contains a missing authorization check during user registration that permits any unauthenticated visitor to create an account with the instructor role. The affected component is the registration workflow in this learning-management-system plugin for WordPress, which subsequently grants the newly created account the ability to publish courses and posts.

An attacker can exploit the flaw over the network without authentication or user interaction, achieving a high integrity impact by adding arbitrary course content or posts to the site. The CVSS 3.1 score of 7.5 reflects the combination of network accessibility, low attack complexity, and absence of required privileges.

Public references on WPScan and Packet Storm document the issue and include proof-of-concept material showing account creation, but do not detail additional mitigations beyond upgrading to 3.0.18 or later. The EPSS score has remained near 0.21–0.22 with no material rise after disclosure.

Vulnerability details

The MasterStudy LMS WordPress plugin before 3.0.18 does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

stylemixthemes · masterstudy lms · ≤ 3.0.18

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
