Lucene search
K

123 matches found

NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13563

The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizzalmsproregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00368EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 4:36 a.m.19 views

CVE-2025-13563

CVE-2025-13563 affects the Lizza LMS Pro plugin for WordPress, vulnerable in all versions up to 1.0.3 due to improper restriction in lizza_lms_pro_register_user_front_end, allowing unauthenticated attackers to supply the administrator role during registration and gain admin access. No remediation...

9.8CVSS5.5AI score0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.31 views

CVE-2025-13563 Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation

The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizzalmsproregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00368EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.5 views

CVE-2025-13563 Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation

The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizzalmsproregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8CVSS5.3AI score0.00368EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Lizza LMS Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.7AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20600

The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza lms pro register user front end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated...

9.8CVSS5.5AI score0.00368EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/13 1:35 p.m.6 views

WordPress Tutor LMS Pro plugin <= 3.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tutor LMS Pro versions = 3.8.3...

8.1AI score0.00283EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-64214

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS7AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.15 views

CVE-2025-64214

CVE-2025-64214 concerns the WordPress MasterStudy LMS Pro plugin (masterstudy-lms-learning-management-system-pro) prior to version 4.7.16. The issue is a Missing Authorization vulnerability that allows Accessing Functionality Not Properly Constrained by ACLs, effectively enabling arbitrary conten...

7.5CVSS6.6AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.26 views

CVE-2025-64214 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.26 views

CVE-2025-64213 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.3 views

CVE-2025-64213 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS6.5AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.20 views

CVE-2025-64213

CVE-2025-64213 describes an information disclosure in the WordPress plugin MasterStudy LMS Pro (styles: MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro) where sensitive data can be retrieved due to insertion of sensitive information into sent data. Affected version range is Mas...

7.5CVSS6.5AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.6 views

WordPress plugin MasterStudy LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

WordPress plugin MasterStudy LMS Pro 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS Pro. The...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52165

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52164

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

6.9AI score0.00303EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/10 1:49 a.m.8 views

WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability

Unauthenticated Sensitive Information Exposure via 'enqueuesocialloginscript' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions = 3.3.8...

5.3CVSS6.7AI score0.00249EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/08 8:27 a.m.2 views

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.4AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/08 8:27 a.m.9 views

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

5.3CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder