CVE-2022-0441— MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

EPSS 81.35% · P99 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-0441

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

Source: NVD (National Vulnerability Database)

Vulnerability Description

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

特权管理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress plugin MasterStudy LMS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin MasterStudy LMS 2.7.5版本存在安全漏洞，该漏洞源于插件缺少访问控制，攻击者可利用该漏洞创建管理帐户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	MasterStudy LMS – WordPress LMS Plugin	2.7.6 ~ 2.7.6	-

II. Public POCs for CVE-2022-0441

#	POC Description	Source Link	Shenlong Link
1	WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation	https://github.com/biulove0x/CVE-2022-0441	POC Details
2	CVE-2022-0441 - MasterStudy LMS 2.7.6	https://github.com/SDragon1205/cve-2022-0441	POC Details
3	The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin	https://github.com/tegal1337/CVE-2022-0441	POC Details
4	Checker for CVE-2022-0441	https://github.com/kyukazamiqq/CVE-2022-0441	POC Details
5	WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0441.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-0441

请登录查看更多情报信息。

https://plugins.trac.wordpress.org/changeset/2667195x_refsource_CONFIRM
https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728edx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-0441

Same Patch Batch · Unknown · 2022-03-07 · 38 CVEs total

CVE-2022-0429		WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site S
CVE-2022-0267		AdRotate < 5.8.22 - Admin+ SQL Injection
CVE-2022-0347		LoginPress < 1.5.12 - Reflected Cross-Site Scripting
CVE-2022-0349		NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection
CVE-2022-0384		Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure
CVE-2022-0389		WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting
CVE-2022-0410		WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection
CVE-2022-0420		RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection
CVE-2022-0422		White Label MS < 2.2.9 - Reflected Cross-Site Scripting
CVE-2022-0426		Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting
CVE-2022-0205		YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting
CVE-2022-0434		Page Views Count < 2.4.15 - Unauthenticated SQL Injection
CVE-2022-0439		Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
CVE-2022-0440		Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution
CVE-2022-0442		UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
CVE-2022-0445		WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF
CVE-2022-0448		CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
CVE-2022-0533		Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)
CVE-2022-0535		E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
CVE-2021-24953		Advanced iFrame < 2022 - Reflected Cross-Site Scripting

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Unknown

Same weakness: CWE-269

V. Comments for CVE-2022-0441

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-0441— MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

I. Basic Information for CVE-2022-0441

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2022-0441

III. Intelligence Information for CVE-2022-0441

Same Patch Batch · Unknown · 2022-03-07 · 38 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-0441

Leave a comment