Lucene search
K

240 matches found

Cvelist
Cvelist
added 2026/01/06 8:21 a.m.28 views

CVE-2025-13766 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

5.4CVSS0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/06 8:21 a.m.3 views

CVE-2025-13766 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

5.4CVSS5.1AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/01/06 8:21 a.m.23 views

CVE-2025-13766

CVE-2025-13766 affects MasterStudy LMS WordPress Plugin – for Online Courses and Education. Wordfence reports that, due to missing authorization checks on multiple REST API endpoints, authenticated users with Subscriber+ privileges can upload/delete media, modify posts, and manage course template...

5.4CVSS5.1AI score0.00146EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/05 10:41 p.m.5 views

WordPress MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability

for Online Courses and Education plugin = 3.7.6 Missing Authorization to Authenticated Subscriber+ Posts and Media Creation, Modification and Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin MasterStudy LMS versions = 3.7.6...

5.4CVSS6.8AI score0.00146EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-64214

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS7AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.24 views

CVE-2025-64214 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS0.003EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.14 views

CVE-2025-64214

CVE-2025-64214 concerns the WordPress MasterStudy LMS Pro plugin (masterstudy-lms-learning-management-system-pro) prior to version 4.7.16. The issue is a Missing Authorization vulnerability that allows Accessing Functionality Not Properly Constrained by ACLs, effectively enabling arbitrary conten...

7.5CVSS6.6AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.24 views

CVE-2025-64213 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.18 views

CVE-2025-64213

CVE-2025-64213 describes an information disclosure in the WordPress plugin MasterStudy LMS Pro (styles: MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro) where sensitive data can be retrieved due to insertion of sensitive information into sent data. Affected version range is Mas...

7.5CVSS6.5AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin MasterStudy LMS Pro 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS Pro. The...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52164

Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

6.9AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52165

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7AI score0.003EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

WordPress plugin MasterStudy LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.003EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/15 4:9 p.m.6 views

WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin MasterStudy LMS versions = 3.6.27...

7.6CVSS8.1AI score0.00255EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/01 12:4 p.m.15 views

CVE-2025-64366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

7.6CVSS7.7AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 p.m.6 views

EUVD-2025-37327

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

7.6CVSS7.1AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2025/10/31 12:15 p.m.8 views

CVE-2025-64366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

7.6CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 11:42 a.m.14 views

CVE-2025-64366

The CVE-2025-64366 entry documents a SQL Injection flaw in Stylemix MasterStudy LMS through the WordPress MasterStudy LMS plugin, affecting versions up to 3.6.27 (and_prior to 3.6.28 per PT-Security). Root cause: lack of input validation and improper neutralization of special SQL elements, enabli...

7.6CVSS7.3AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/31 11:42 a.m.3 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

7.6CVSS7.3AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 9:16 a.m.6 views

CVE-2025-64212

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

5.4CVSS6.9AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder