CVE-2024-1512

🗓️ 17 Feb 2024 07:36:57Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 131 Views🌐 WEB

MasterStudy LMS WordPress Plugin SQL Injection Vulnerabilit

Reporter	Title	Published	Views	Family All 13
GithubExploit	Exploit for SQL Injection in Stylemixthemes Masterstudy_Lms	1 Mar 202411:08	–	githubexploit
Circl	CVE-2024-1512	17 Feb 202409:21	–	circl
CNNVD	WordPress Plugin MasterStudy LMS WordPress Plugin Security Vulnerability	17 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-1512 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection	17 Feb 202407:36	–	cvelist
Nuclei	MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection	2 Jun 202610:14	–	nuclei
NVD	CVE-2024-1512	17 Feb 202408:15	–	nvd
OSV	CVE-2024-1512	17 Feb 202408:15	–	osv
Patchstack	WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection	19 Feb 202400:00	–	patchstack
Prion	Sql injection	17 Feb 202408:15	–	prion
RedhatCVE	CVE-2024-1512	5 Feb 202505:27	–	redhatcve

NVD

Vulners

Vulnrichment

Node

stylemixthemes masterstudy_lmsRange≤3.2.5wordpress

[
  {
    "vendor": "stylemix",
    "product": "MasterStudy LMS WordPress Plugin – for Online Courses and Education",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.2.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3036794/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc

Parameter	Position	Path	Description	CWE
user	query param	lms/stm-lms/order/items	Union-based SQL Injection via the 'user' parameter in the /lms/stm-lms/order/items REST route of MasterStudy LMS WordPress Plugin (affecting versions up to 3.2.5).	CWE-89

08 Apr 2026 19:20Current

9.5High risk

Vulners AI Score9.5

CVSS 3.19.8

EPSS0.93251

SSVC

CWE-89