Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

388 matches found

Nuclei
Nucleiadded 9 hours ago42 views

MasterStudy LMS <2.7.6 - Improper Access Control

WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data...

9.8CVSS7.3AI score0.85334EPSS
Exploits8References5
Nuclei
Nucleiadded 9 hours ago51 views

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

9.8CVSS8.8AI score0.77729EPSS
Exploits1References4
EUVD
EUVDadded 2026/06/15 9:30 p.m.9 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
NVD
NVDadded 2026/06/15 9:16 p.m.5 views

CVE-2026-40766

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 8:18 p.m.25 views

CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS0.00332EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 8:18 p.m.11 views

CVE-2026-40766

CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
NVD
NVDadded 2026/06/15 2:16 p.m.10 views

CVE-2025-64215

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 1:3 p.m.33 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/15 1:3 p.m.5 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/15 1:3 p.m.7 views

EUVD-2025-210138

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 1:3 p.m.14 views

CVE-2025-64215

CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/15 12:0 a.m.12 views

PT-2026-49226

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/15 12:0 a.m.9 views

PT-2026-49411

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/05 7:28 p.m.6 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:24 p.m.10 views

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.7AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:16 p.m.5 views

CVE-2026-42730

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...

8.5CVSS5.6AI score0.00253EPSS
Exploits0References1
NVD
NVDadded 2026/06/04 2:16 a.m.9 views

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00217EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/04 1:26 a.m.10 views

EUVD-2026-34191

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/04 1:26 a.m.9 views

CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.9AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/04 1:26 a.m.40 views

CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00217EPSS
Exploits0References2
Rows per page
Query Builder