CVE-2025-64209 WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through 4.8.122...

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...

CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...

CVE-2025-64364

CVE-2025-64364 describes a Local File Inclusion (LFI) in the WordPress Masterstudy theme/plugin (StylemixThemes Masterstudy). The vulnerability arises from improper control of the filename used in include/require statements, enabling PHP LFI. Affected versions are Masterstudy prior to 4.8.126. Re...

WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Masterstudy versions 4.8.126...

WordPress Masterstudy Theme < 4.8.126 is vulnerable to Local File Inclusion

Software Masterstudy Type Theme Vulnerable versions 4.8.126 Fixed in 4.8.126 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2025-64364 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID c61c79de05c6 Credits João Pedro S Alcântara Kinorth...

WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bibek Dhakal in WordPress Plugin MasterStudy LMS versions = 3.6.20...

CVE-2025-59576

Public details for CVE-2025-59576 are not provided in the connected documents. The initial document mentions a Missing Authorization issue in MasterStudy LMS

CVE-2025-59577 WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through = 3.6.20...

CVE-2025-59577 WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through = 3.6.20...

CVE-2025-54744 WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2024-43990 WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8...

WordPress Masterstudy LMS Starter Theme <= 1.1.8 is vulnerable to Sensitive Data Exposure

Software Masterstudy LMS Starter Type Theme Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43990 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 36d1f32aa077 Credits Peng Zhou Required...

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

WordPress MasterStudy LMS Plugin <= 3.3.0 is vulnerable to Local File Inclusion

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2411 Patch priority High CVSS severity High 9 Developer Claim ownership PSID c509d4c43d0b Credits Hiroho Shimada Required privilege...

WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35093 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fe9a14774ad1 Credits Rafshanzani Suhada...

WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35090 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10f578002fee Credits Rafshanzani Suhada...

WordPress MasterStudy LMS Plugin <= 2.9.34 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 2.9.34 Fixed in 2.9.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 3b63e4d1bbd6 Credits Unknown Required privilege...