233 matches found
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
EUVD-2026-36976
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40766
CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions
CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
CVE-2025-64215
CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-8653
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
EUVD-2026-34191
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-8653
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-8653
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to a generic SQL Injection via the 'columns' parameter in all versions up to and including 4.8.20, caused by insufficient escaping of the user-supplied value and inadequate query preparation. Authenticated attackers with instructor-l...
PT-2026-46129
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress MasterStudy LMS Pro plugin <= 4.8.20 - Authenticated (Instructor+) SQL Injection vulnerability
Authenticated Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin MasterStudy LMS Pro versions = 4.8.20...
CVE-2026-42730
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
CVE-2026-42730
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
CVE-2026-42730
CVE-2026-42730 concerns the WordPress MasterStudy LMS plugin (versions
PT-2026-43642
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
WordPress plugin MasterStudy LMS SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...