Description
WordPress Plugin MasterStudy LMS-for Online Courses and Education is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin MasterStudy LMS-for Online Courses and Education version 3.3.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.1 or latest
References
Related Vulnerabilities
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4133)
WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.2)
WordPress Plugin Woocommerce CSV importer Arbitrary File Deletion (3.3.6)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)