370 matches found
CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...
CVE-2025-64366
The CVE-2025-64366 entry documents a SQL Injection flaw in Stylemix MasterStudy LMS through the WordPress MasterStudy LMS plugin, affecting versions up to 3.6.27 (and_prior to 3.6.28 per PT-Security). Root cause: lack of input validation and improper neutralization of special SQL elements, enabli...
CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...
CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...
CVE-2025-64364
CVE-2025-64364 describes a Local File Inclusion (LFI) in the WordPress Masterstudy theme/plugin (StylemixThemes Masterstudy). The vulnerability arises from improper control of the filename used in include/require statements, enabling PHP LFI. Affected versions are Masterstudy prior to 4.8.126. Re...
CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...
WordPress plugin Masterstudy 安全漏洞
WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...
PT-2025-44617
Name of the Vulnerable Software and Affected Versions Stylemix MasterStudy LMS versions prior to 3.6.28 Description A flaw exists in Stylemix MasterStudy LMS that allows for Blind SQL Injection due to improper neutralization of special elements within SQL commands. This issue potentially allows...
PT-2025-44615
Name of the Vulnerable Software and Affected Versions StylemixThemes Masterstudy versions prior to 4.8.126 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the...
WordPress plugin MasterStudy LMS 安全漏洞
WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...
WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Masterstudy versions 4.8.126...
CVE-2025-64211
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
CVE-2025-64210
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
CVE-2025-64212
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...
WordPress Masterstudy Theme < 4.8.126 is vulnerable to Local File Inclusion
Software Masterstudy Type Theme Vulnerable versions 4.8.126 Fixed in 4.8.126 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2025-64364 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID c61c79de05c6 Credits João Pedro S Alcântara Kinorth...
EUVD-2025-36619
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...
EUVD-2025-36621
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
EUVD-2025-36620
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
CVE-2025-64211
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
CVE-2025-64212
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...