CVE-2024-3136

9.8 CRITICAL

📋 TL;DR

The MasterStudy LMS WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary PHP files on the server. This affects all WordPress sites using MasterStudy LMS version 3.3.3 or earlier, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • MasterStudy LMS WordPress Plugin
Versions: All versions up to and including 3.3.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise with arbitrary code execution, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Unauthenticated attackers achieve remote code execution, install web shells, and steal sensitive data.

🟢 If Mitigated

Attackers can read sensitive files but not execute code if PHP execution is restricted for included files.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation makes internet-facing WordPress sites extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation required. Public exploit code is available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.4 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find MasterStudy LMS.
4. Click 'Update Now' or manually update to version 3.3.4+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Temporarily disable the MasterStudy LMS plugin until it is patched:

wp plugin deactivate masterstudy-lms-learning-management-system

Web Application Firewall Rule (platform: linux)

Block requests whose 'template' parameter contains a path traversal sequence (..), the /etc/ path, or the php:// stream wrapper. ModSecurity rule:

SecRule ARGS:template "@rx \.\.|\/etc\/|php:\/\/" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Implement strict file upload restrictions and disable PHP execution in upload directories
  • Deploy web application firewall with LFI protection rules and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > MasterStudy LMS version. If version is 3.3.3 or lower, you are vulnerable.

Check Version:

wp plugin get masterstudy-lms-learning-management-system --field=version

Verify Fix Applied:

Verify plugin version is 3.3.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with 'template' parameter containing path traversal sequences (../)
  • Unusual file inclusion attempts in web server logs
  • PHP error logs showing file inclusion failures

Network Indicators:

  • HTTP GET/POST requests to MasterStudy LMS endpoints with suspicious template parameters
  • Traffic spikes to vulnerable plugin paths

SIEM Query:

source="web_logs" AND (uri_path="*masterstudy*" OR uri_path="*lms*") AND (query="*template=*../*" OR query="*template=*php:*" OR query="*template=*/etc/*")
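The log indicators and SIEM query above can also be checked offline against raw web-server logs. The following script is an added example, not part of the original advisory or the plugin's own code. It parses Apache/nginx combined-format access log lines, extracts every 'template' query parameter, decodes it a second time to catch double URL encoding, and flags the same three patterns the ModSecurity rule and SIEM query target (traversal, /etc/, php://), restricted to request paths that mention masterstudy or lms as the SIEM query does. The log lines are constructed samples and the /lms/ path is an assumed illustration, not the plugin's actual endpoint.

```python
"""Flag access-log requests whose 'template' parameter looks like an LFI attempt."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Same patterns as the advisory's ModSecurity rule / SIEM query; matched case-insensitively
# so PHP:// or /ETC/ variants are caught as well.
SUSPICIOUS = re.compile(r"\.\.|/etc/|php://", re.IGNORECASE)

# Path filter mirroring the SIEM query's uri_path="*masterstudy*" OR uri_path="*lms*".
PLUGIN_PATH = re.compile(r"masterstudy|lms", re.IGNORECASE)

# Apache/nginx combined log format: ip ident user [time] "METHOD URI PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (RFC 5737 documentation addresses; /lms/ is an assumed path).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2024:09:15:02 +0000] "GET /lms/?template=../../../../etc/passwd HTTP/1.1" 200 532',
    '198.51.100.7 - - [10/Apr/2024:09:15:03 +0000] "GET /lms/?template=%252e%252e%252fwp-config.php HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Apr/2024:09:20:11 +0000] "GET /lms/?template=php://input HTTP/1.1" 200 2048',
    '203.0.113.5 - - [10/Apr/2024:09:20:12 +0000] "GET /lms/?template=course-list HTTP/1.1" 200 4096',
    '192.0.2.9 - - [10/Apr/2024:09:31:40 +0000] "GET /blog/?template=../secret HTTP/1.1" 404 0',
    'this line is not a valid access-log entry',
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined-format."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def template_values(query):
    """All 'template' values from a query string.

    parse_qs already URL-decodes once; the extra unquote() turns a double-encoded
    %252e%252e%252f into ../ so that encoding tricks do not slip past the pattern check.
    """
    raw = parse_qs(query, keep_blank_values=True).get("template", [])
    return [unquote(value) for value in raw]


def suspicious_template(uri):
    """Return the first decoded 'template' value matching an LFI pattern, else None."""
    parts = urlsplit(uri)
    if not PLUGIN_PATH.search(parts.path):
        return None
    for value in template_values(parts.query):
        if SUSPICIOUS.search(value):
            return value
    return None


def scan(lines):
    """Return one hit per request whose 'template' parameter matches an LFI pattern."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip unparseable lines rather than failing the whole scan
        value = suspicious_template(entry["uri"])
        if value is not None:
            hits.append({
                "ip": entry["ip"],
                "time": entry["time"],
                "uri": entry["uri"],
                "status": entry["status"],
                "template": value,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["status"]} template={hit["template"]!r}')
```

Run it against a real log with `scan(open("access.log"))`; a hit with status 200 on a site still running 3.3.3 or earlier deserves an incident-response follow-up, while hits on a patched site still indicate scanning activity worth blocking at the firewall.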
