CVE-2022-0441 – The MasterStudy LMS WordPress plugin before ver... (How to Fix)

Q: What is the severity of CVE-2022-0441?

CVE-2022-0441 has a CVSS score of 9.8 (CRITICAL). The MasterStudy LMS WordPress plugin before version 2.7.6 contains an authentication bypass vulnerability that allows unauthenticated attackers to register new accounts with administrator privileges. This affects all WordPress sites running vulnerable versions of the plugin. Attackers can gain full administrative control without any authentication.

📋 TL;DR

The MasterStudy LMS WordPress plugin before version 2.7.6 contains an authentication bypass vulnerability that allows unauthenticated attackers to register new accounts with administrator privileges. This affects all WordPress sites running vulnerable versions of the plugin. Attackers can gain full administrative control without any authentication.

💻 Affected Systems

Products:

MasterStudy LMS WordPress Plugin

Versions: All versions before 2.7.6

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires plugin to be installed and active; WordPress multisite installations also affected.

📦 What is this software?

Masterstudy Lms by Stylemixthemes

View all CVEs affecting Masterstudy Lms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover: attackers create admin accounts, install backdoors, steal data, deface site, or use as pivot point for network attacks.

🟠

Likely Case

Site compromise leading to data theft, malware injection, or ransomware deployment.

🟢

If Mitigated

Limited impact if plugin disabled or patched quickly; existing admin accounts remain protected.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP POST request to registration endpoint with modified parameters; widely exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.6

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2667195

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find MasterStudy LMS plugin. 4. Click 'Update Now' if update available. 5. If no update, manually download version 2.7.6+ from WordPress.org and replace plugin files.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate masterstudy-lms-learning-management-system

Restrict Registration Endpoint

linux

Block access to user registration endpoints via web application firewall or .htaccess.

RewriteEngine On
RewriteRule ^wp-content/plugins/masterstudy-lms-learning-management-system/.*register.*$ - [F,L]

🧯 If You Can't Patch

Disable user registration entirely in WordPress settings
Implement IP-based restrictions on wp-admin and registration endpoints

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin panel under Plugins > Installed Plugins. If version is below 2.7.6, system is vulnerable.

Check Version:

wp plugin get masterstudy-lms-learning-management-system --field=version

Verify Fix Applied:

Confirm plugin version is 2.7.6 or higher. Test registration functionality with non-admin parameters to ensure validation works.

📡 Detection & Monitoring

Log Indicators:

Multiple user registration attempts from single IP
New admin user creation from unauthenticated IPs
POST requests to /wp-content/plugins/masterstudy-lms-learning-management-system/*register*

Network Indicators:

HTTP POST to registration endpoints with admin role parameters
Unusual traffic patterns to user registration URLs

SIEM Query:

source="wordpress.log" AND "register" AND "masterstudy" AND ("admin" OR "administrator")

📊 Metadata

CVE ID: CVE-2022-0441

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: March 7, 2022

Last Updated: November 21, 2024

🔗 References

https://plugins.trac.wordpress.org/changeset/2667195 Patch,Third Party Advisory
https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed Exploit,Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2667195 Patch,Third Party Advisory
https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-0441, you might also want to check these: