CVE-2026-42730
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Blind SQL injection in MasterStudy LMS plugin (≤3.7.29) allows attackers to extract database content.
Vulnerability
A blind SQL injection vulnerability exists in the MasterStudy LMS plugin for WordPress (masterstudy-lms-learning-management-system) developed by Stylemix. The issue arises from improper neutralization of special elements used in an SQL command. This affects all versions from n/a through 3.7.29 [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted SQL queries to vulnerable parameters without requiring authentication. The vulnerability is expected to be used in mass-exploit campaigns targeting thousands of websites [1].
Impact
Successful exploitation allows an attacker to directly interact with the database, potentially leading to information disclosure, such as stealing sensitive data. The CVSS score of 8.5 (High) highlights the severity [1].
Mitigation
Update to version 3.7.30 or later, which contains the fix. If unable to update immediately, apply the mitigation rule provided by Patchstack or ask your hosting provider for assistance [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= 3.7.29
- Range: <=3.7.29
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.