Lucene search
K

240 matches found

Nuclei
Nuclei
added 2 days ago163 views

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

9.8CVSS7AI score0.77729EPSS
Exploits1References4
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57330

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.35 views

CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.9 views

EUVD-2026-40101

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS0.00243EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.5 views

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.12 views

CVE-2026-57640

CVE-2026-57640 : A Broken Access Control vulnerability affects the WordPress plugin MasterStudy LMS up to version 3.7.30 . The issue is documented with a CVSS 3.1 base score of 4.3 (Medium) and describes restricted access conditions that could permit unauthorized exposure of resources. The availa...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.28 views

CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.18 views

CVE-2026-40766

CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 1:3 p.m.9 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 1:3 p.m.39 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 1:3 p.m.21 views

CVE-2025-64215

CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 a.m.11 views

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:26 a.m.8 views

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 1:26 a.m.13 views

EUVD-2026-34191

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 1:26 a.m.23 views

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to a generic SQL Injection via the 'columns' parameter in all versions up to and including 4.8.20, caused by insufficient escaping of the user-supplied value and inadequate query preparation. Authenticated attackers with instructor-l...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46129

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References3
Rows per page
Query Builder