374 matches found
WordPress plugin MasterStudy LMS SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability
SQL Injection vulnerability discovered by walow in WordPress Plugin MasterStudy LMS versions = 3.7.29...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...
WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jakub Herman in WordPress Plugin MasterStudy LMS versions = 3.7.25...
WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability
Authenticated Subscriber+ Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions = 3.7.25...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
EUVD-2026-23338
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education is affected by CVE-2026-4817 (versions up to 3.7.25). A time-based blind SQL injection exists in the /lms/stm-lms/order/items REST API endpoint via the order/orderby parameters due to insufficient input sanitization and a desig...
WordPress plugin MasterStudy LMS WordPress Plugin for Online Courses and Education 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-33393
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-0559
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...
CVE-2026-0559
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...
CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...
CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...
CVE-2026-0559
The Patchstack entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress MasterStudy LMS plugin for Online Courses and Education, affecting versions ≤ 3.7.11. The issue can be triggered by an authenticated Contributor+ user via the stm_lms_courses_grid_display shortcode, ...
CVE-2026-0559
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...
PT-2026-8063
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm lms courses grid display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escapi...