CVE-2024-24882 Scanner - Privilege Escalation vulnerability in Masteriyo LMS
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 15 hours
Scan only one: Domain, Subdomain, IPv4
The Masteriyo LMS plugin for WordPress is a widely used eLearning and online course builder that enables users to create and manage online courses with ease. Developed by ThemeGrill, it is designed to be utilized by educational institutions, businesses offering training programs, and individual educators. The plugin is user-friendly and integrates seamlessly with WordPress, allowing users to manage course content, quizzes, and student enrollments. Its versatility and ease of use make it popular among WordPress users looking for an efficient learning management solution. However, ensuring the security of such widely used plugins is paramount to protect the integrity of online educational platforms.
The vulnerability in Masteriyo LMS is a missing capability check in the update_logged_in_user() function, present in all versions up to and including 1.7.2. This flaw makes it possible for unauthenticated attackers to escalate their privileges. Because exploitation is easy, the issue is severe: attackers can bypass authorization mechanisms and gain higher levels of privilege within the WordPress site, leading to unauthorized access to and control over the plugin's administrative functionality. Affected systems should be remediated promptly.
From a technical standpoint, the update_logged_in_user() function lacks proper capability checks. An attacker can reach the function through crafted HTTP requests, resulting in privilege escalation. By abusing it, an attacker can change user roles, effectively giving themselves administrator access without any authentication. The vulnerability resides in the REST API endpoint that handles user updates and requires immediate remediation. The absence of robust input validation and of proper authorization checks is the key factor behind its exploitability.
If successfully exploited, this vulnerability can have severe consequences for affected systems. Potential effects include unauthorized access to administrative functionalities, which could lead to data breaches, malware installation, and further exploitation of the affected WordPress site. The full control attained by the attacker can allow them to compromise sensitive information, manipulate site content, or disrupt service availability. Ultimately, exploitation can erode user trust, damage reputations, and lead to substantial financial and operational impacts for affected organizations.
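A site owner can check whether an installation falls in the affected range (up to and including 1.7.2) by reading the plugin's header on disk. The following is an added example, not part of the scanner or the plugin; it assumes the plugin directory is named `learning-management-system` (the slug in the reference URLs) and that its main file carries a standard WordPress `Version:` header.

```python
import re
from pathlib import Path

PLUGIN_SLUG = "learning-management-system"  # assumption: slug taken from the reference URLs
LAST_AFFECTED = (1, 7, 2)                   # page: "up to and including 1.7.2"
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(text):
    """Return the version from a WordPress plugin header comment, or None."""
    m = HEADER_VERSION.search(text[:8192])  # WordPress only reads the first 8 KiB
    return m.group(1) if m else None

def version_key(version):
    """Turn '1.7.2' or '1.7.3-beta' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    return version_key(version) <= LAST_AFFECTED

def audit(plugins_dir):
    """Inspect a wp-content/plugins directory and report the Masteriyo version."""
    plugin_dir = Path(plugins_dir) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return {"installed": False, "version": None, "affected": False}
    for php in sorted(plugin_dir.glob("*.php")):
        text = php.read_text(errors="replace")
        if "Plugin Name:" in text[:8192]:
            version = parse_version(text)
            if version:
                return {"installed": True, "version": version,
                        "affected": is_affected(version)}
    # Directory exists but no readable header: flag for manual review.
    return {"installed": True, "version": None, "affected": None}

# Constructed sample header for illustration, not copied from the plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Masteriyo LMS
 * Version: 1.7.2
 */
"""

if __name__ == "__main__":
    import sys
    print(audit(sys.argv[1]) if len(sys.argv) > 1
          else is_affected(parse_version(SAMPLE_HEADER)))
```

Run it with the path to `wp-content/plugins` as the only argument; an `affected` value of `None` means the directory exists but no version header could be read.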
REFERENCES
- https://wpscan.com/vulnerability/8407f428-12e7-4549-aa65-a241b7bdca41/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/learning-management-system/masteriyo-lms-172-unauthenticated-privilege-escalation
- https://plugins.trac.wordpress.org/changeset/3022839/learning-management-system/tags/1.7.3/includes/RestApi/Controllers/Version1/UsersController.php?old=2959283&old_path=learning-management-system%2Ftrunk%2Fincludes%2FRestApi%2FControllers%2FVersion1%2FUsersController.php
- https://nvd.nist.gov/vuln/detail/CVE-2024-24882