PRP: LFI in MasterStudy CVE-2024-3136

[RaulDoyensec]

Description

MasterStudy LMS is a plugin for WordPress with a new CVE found in 2024 (Local File Inclusion). I would like to write a plugin for this CVE as it could lead to Remote Code Execution from unauthenticated users.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-3136
• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/masterstudy-lms-learning-management-system/masterstudy-lms-333-unauthenticated-local-file-inclusion-via-template