VYPR

Masterstudy Lms Learning Management System

by WordPress

Source repositories

CVEs (8)

  • CVE-2025-32141HigApr 4, 2025
    risk 0.57cvss 8.8epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects MasterStudy LMS: from n/a through <=…

  • CVE-2026-42730HigMay 27, 2026
    risk 0.48cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.

  • CVE-2025-64366HigOct 31, 2025
    risk 0.42cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27.

  • CVE-2026-4817MedApr 17, 2026
    risk 0.35cvss 6.5epss 0.00

    The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is…

  • CVE-2025-54744MedSep 5, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.

  • CVE-2025-13766MedJan 6, 2026
    risk 0.28cvss 5.4epss 0.00

    The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This…

  • CVE-2025-32237MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.5.28.

  • CVE-2025-59577MedSep 22, 2025
    risk 0.21cvss 4.3epss 0.00

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.