398 matches found
MasterStudy LMS <2.7.6 - Improper Access Control
WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data...
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
CVE-2026-57330
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
EUVD-2026-40101
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
CVE-2026-57330
The CVE-2026-57330 entry describes a Cross-Site Scripting (XSS) vulnerability in the WordPress MasterStudy LMS plugin, affecting versions
CVE-2026-57640
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
EUVD-2026-39755
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57640
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57640
CVE-2026-57640 : A Broken Access Control vulnerability affects the WordPress plugin MasterStudy LMS up to version 3.7.30 . The issue is documented with a CVSS 3.1 base score of 4.3 (Medium) and describes restricted access conditions that could permit unauthorized exposure of resources. The availa...
WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin MasterStudy LMS versions = 3.7.30...
EUVD-2026-36976
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40766
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40766
CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions
CVE-2025-64215
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
EUVD-2025-210138
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...