MasterStudy LMS

Source repositories

https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system

CVEs (11)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-1512	Stylemixthemes Masterstudy Lms	Cri	0.64	9.8	0.93	Feb 17, 2024	The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping…
CVE-2024-3136	Stylemixthemes Masterstudy Lms	Cri	0.61	9.8	0.54	Apr 9, 2024	The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the…
CVE-2024-2411	Stylemixthemes Masterstudy Lms	Cri	0.57	9.8	0.03	Mar 29, 2024	The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution…
CVE-2024-2409	Stylemixthemes Masterstudy Lms	Cri	0.57	9.8	0.00	Mar 29, 2024	The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes…
CVE-2026-42730	WordPress Masterstudy Lms Learning Management System	Hig	0.55	8.5	—	May 27, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.
CVE-2026-0559	MasterStudy MasterStudy LMS WordPress Plugin	Med	0.35	6.4	0.00	Feb 14, 2026	The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input…
CVE-2024-2106	Stylemixthemes Masterstudy Lms	Med	0.28	5.3	0.02	Mar 13, 2024	The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's…
CVE-2024-1904	Stylemixthemes Masterstudy Lms	Med	0.21	4.3	0.00	Apr 9, 2024	The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and…
CVE-2023-4278	WordPress Masterstudy Lms Pro		0.05	—	0.19	Sep 11, 2023	The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
CVE-2023-35093	WordPress MasterStudy LMS		0.00	—	0.00	Jun 22, 2023	Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order…
CVE-2023-35090	WordPress MasterStudy LMS		0.00	—	0.00	Jun 22, 2023	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.

CVE-2024-1512CriFeb 17, 2024
Stylemixthemes
Masterstudy Lms
risk 0.64cvss 9.8epss 0.93
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping…
CVE-2024-3136CriApr 9, 2024
Stylemixthemes
Masterstudy Lms
risk 0.61cvss 9.8epss 0.54
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the…
CVE-2024-2411CriMar 29, 2024
Stylemixthemes
Masterstudy Lms
risk 0.57cvss 9.8epss 0.03
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution…
CVE-2024-2409CriMar 29, 2024
Stylemixthemes
Masterstudy Lms
risk 0.57cvss 9.8epss 0.00
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes…
CVE-2026-42730HigMay 27, 2026
WordPress
Masterstudy Lms Learning Management System
risk 0.55cvss 8.5epss —
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.
CVE-2026-0559MedFeb 14, 2026
MasterStudy
MasterStudy LMS WordPress Plugin
risk 0.35cvss 6.4epss 0.00
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input…
CVE-2024-2106MedMar 13, 2024
Stylemixthemes
Masterstudy Lms
risk 0.28cvss 5.3epss 0.02
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's…
CVE-2024-1904MedApr 9, 2024
Stylemixthemes
Masterstudy Lms
risk 0.21cvss 4.3epss 0.00
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and…
CVE-2023-4278Sep 11, 2023
WordPress
Masterstudy Lms Pro
risk 0.05cvss —epss 0.19
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
CVE-2023-35093Jun 22, 2023
WordPress
MasterStudy LMS
risk 0.00cvss —epss 0.00
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order…
CVE-2023-35090Jun 22, 2023
WordPress
MasterStudy LMS
risk 0.00cvss —epss 0.00
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.