CVE-2026-42730 WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...

WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by walow in WordPress Plugin MasterStudy LMS versions = 3.7.29...

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education is affected by CVE-2026-4817 (versions up to 3.7.25). A time-based blind SQL injection exists in the /lms/stm-lms/order/items REST API endpoint via the order/orderby parameters due to insufficient input sanitization and a desig...

CVE-2026-0559

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...

CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...

CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...

PT-2026-8063

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm lms courses grid display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escapi...

CVE-2025-13766

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

WordPress MasterStudy LMS plugin SQL Injection Vulnerability

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

WordPress Masterstudy plugin file inclusion vulnerability

WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...

WordPress plugin MasterStudy LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-59576 WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.20...

CVE-2025-59576 WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.20...

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin MasterStudy LMS 竞争条件问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A competitive...

CVE-2025-54744 WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...