Masteriyo LMS Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in the Masteriyo LMS plugin for WordPress, affecting all versions through 2.1.6. The issue arises because the plugin allows users to modify their roles via the 'InstructorsController::prepare_object_for_database' function. This vulnerability enables authenticated attackers with Student-level access or higher to escalate their privileges to that of an administrator.

Impact

Exploitation of this vulnerability allows authenticated users with Student-level access to gain administrative privileges on the WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Student-level access must send a request to the WordPress REST API to update their user role. This can be done by accessing the 'InstructorsController' endpoint and including the desired role in the request. The absence of proper authorization checks allows the user to successfully change their role to administrator.

Remediation

Users are advised to update the Masteriyo LMS plugin to version 2.1.7 or later, where this vulnerability has been patched.