CVE-2024-1904

Name of the Vulnerable Software and Affected Versions MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13

Description The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.

Recommendations For MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13, update to a version higher than 3.2.13 to resolve the issue. As a temporary workaround, consider restricting access to the search posts function to minimize the risk of exploitation.