WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin MasterStudy LMS versions = 3.6.15...

CVE-2025-7438

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-7438 MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-7438

CVE-2025-7438 – MasterStudy LMS Pro (WordPress) vulnerable to arbitrary file upload due to insufficient file type validation in install_and_activate_plugin for all versions up to and including 4.7.9. authenticated attackers with Subscriber+ access can upload arbitrary files to the server, with re...

WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions = 4.7.9...

PT-2025-30008 · WordPress · Masterstudy Lms Pro

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS Pro versions up to and including 4.7.9 Description: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the install and activate plugin function. Thi...

CVE-2025-4800

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-4800

CVE-2025-4800 — MasterStudy LMS Pro (WordPress) Vulnerability: Arbitrary file upload due to missing file-type validation in stm_lms_add_assignment_attachment. Affected: MasterStudy LMS Pro plugin for WordPress versions up to and including 4.7.0. Impact: Authenticated attackers with Subscriber-lev...

CVE-2025-4800 MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-4800 MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

PT-2025-23049 · WordPress · Masterstudy Lms Pro

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS Pro plugin for WordPress versions up to, and including, 4.7.0 Description: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm lms add assignmen...

WordPress MasterStudy LMS Pro plugin <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin MasterStudy LMS Pro versions = 4.7.0...

15,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in MasterStudy LMS Pro WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 15th, 2025, we received a submission for an Arbitrary File Upload...

CVE-2024-43990

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8...

CVE-2024-1904

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...

CVE-2024-37093

Cross-Site Request Forgery CSRF vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through = 3.2.1...

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

CVE-2023-35090

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...

CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...