Masterstudy Lms
by Stellarwp
Source repositories
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1512 | Cri | 0.64 | 9.8 | 0.78 | Feb 17, 2024 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping… | ||
| CVE-2024-3136 | Cri | 0.61 | 9.8 | 0.05 | Apr 9, 2024 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the… | ||
| CVE-2025-4800 | Hig | 0.57 | 8.8 | 0.01 | May 28, 2025 | The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-32141 | Hig | 0.57 | 8.8 | 0.01 | Apr 4, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects MasterStudy LMS: from n/a through <=… | ||
| CVE-2024-2411 | Cri | 0.57 | 9.8 | 0.02 | Mar 29, 2024 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution… | ||
| CVE-2024-2409 | Cri | 0.57 | 9.8 | 0.01 | Mar 29, 2024 | The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes… | ||
| CVE-2025-64214 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||
| CVE-2025-64213 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||
| CVE-2025-64209 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122. | ||
| CVE-2025-64364 | Hig | 0.49 | 7.5 | 0.00 | Oct 31, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126. | ||
| CVE-2025-7438 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2025 | The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-64366 | Hig | 0.42 | 7.6 | 0.00 | Oct 31, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27. | ||
| CVE-2025-59576 | Med | 0.42 | 6.5 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||
| CVE-2024-3942 | Med | 0.41 | 6.3 | 0.00 | May 2, 2024 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it… | ||
| CVE-2025-64212 | Med | 0.35 | 5.4 | 0.00 | Oct 29, 2025 | Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||
| CVE-2025-54744 | Med | 0.35 | 6.5 | 0.00 | Sep 5, 2025 | Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15. | ||
| CVE-2024-43990 | Med | 0.34 | 5.3 | 0.00 | Sep 25, 2024 | Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. | ||
| CVE-2025-59575 | Med | 0.32 | 4.9 | 0.00 | Oct 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||
| CVE-2025-32237 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.5.28. | ||
| CVE-2024-37093 | Med | 0.28 | 4.3 | 0.00 | Jan 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through <= 3.2.1. |
- risk 0.64cvss 9.8epss 0.78
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping…
- risk 0.61cvss 9.8epss 0.05
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the…
- risk 0.57cvss 8.8epss 0.01
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with…
- risk 0.57cvss 8.8epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects MasterStudy LMS: from n/a through <=…
- risk 0.57cvss 9.8epss 0.02
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution…
- risk 0.57cvss 9.8epss 0.01
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.
- risk 0.49cvss 7.5epss 0.01
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
- risk 0.41cvss 6.3epss 0.00
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
- risk 0.35cvss 6.5epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
- risk 0.32cvss 4.9epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.5.28.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through <= 3.2.1.
Page 1 of 2