WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-39050

Name of the Vulnerable Software and Affected Versions MasterStudy LMS versions through 3.6.20 Description A race condition exists due to concurrent execution using a shared resource with improper synchronization. This allows leveraging race conditions within the software. Recommendations Update...

WordPress plugin MasterStudy LMS 竞争条件问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A competitive...

PT-2025-39049

Name of the Vulnerable Software and Affected Versions MasterStudy LMS versions through 3.6.20 Description An authorization issue exists in Stylemix MasterStudy LMS, allowing exploitation of incorrectly configured access control security levels. Recommendations Update MasterStudy LMS to a version...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744 WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

CVE-2025-54744 refers to the WordPress MasterStudy LMS plugin (versions through 3.6.15) with a Missing Authorization/broken access control flaw. Public sources (Patchstack, CVE listings, Red Hat/RH, CVE-List) identify the root cause as incorrectly configured access control, enabling unauthorized ...

CVE-2025-54744 WordPress MasterStudy LMS Plugin <= 3.6.15 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.15...

PT-2025-36249

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS versions through 3.6.15 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update MasterStudy LMS to a version later than 3.6.15...

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin MasterStudy LMS versions = 3.6.15...

CVE-2025-7438

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-7438 MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-7438

CVE-2025-7438 – MasterStudy LMS Pro (WordPress) vulnerable to arbitrary file upload due to insufficient file type validation in install_and_activate_plugin for all versions up to and including 4.7.9. authenticated attackers with Subscriber+ access can upload arbitrary files to the server, with re...

WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions = 4.7.9...

PT-2025-30008 · WordPress · Masterstudy Lms Pro

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS Pro versions up to and including 4.7.9 Description: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the install and activate plugin function. Thi...

WordPress plugin MasterStudy LMS Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2025-4800

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-4800 MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...