CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

370 matches found

CVE•added 2025/10/31 11:42 a.m.•7 views

CVE-2025-64366

The CVE-2025-64366 entry documents a SQL Injection flaw in Stylemix MasterStudy LMS through the WordPress MasterStudy LMS plugin, affecting versions up to 3.6.27 (and_prior to 3.6.28 per PT-Security). Root cause: lack of input validation and improper neutralization of special SQL elements, enabli...

7.6CVSS7.3AI score0.00036EPSS

Exploits0References1

Vulnrichment•added 2025/10/31 11:42 a.m.•2 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

7.6CVSS7.3AI score0.00036EPSS

Exploits0References1

Cvelist•added 2025/10/31 11:42 a.m.•5 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

7.6CVSS0.00036EPSS

Exploits0References1

Vulnrichment•added 2025/10/31 11:42 a.m.•2 views

CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...

7.5CVSS6.7AI score0.00123EPSS

Exploits0References1

Cvelist•added 2025/10/31 11:42 a.m.•3 views

CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

7.5CVSS0.00123EPSS

Exploits0References1

CVE•added 2025/10/31 11:42 a.m.•6 views

CVE-2025-64364

CVE-2025-64364 describes a Local File Inclusion (LFI) in the WordPress Masterstudy theme/plugin (StylemixThemes Masterstudy). The vulnerability arises from improper control of the filename used in include/require statements, enabling PHP LFI. Affected versions are Masterstudy prior to 4.8.126. Re...

7.5CVSS6.7AI score0.00123EPSS

Exploits0References1

Positive Technologies•added 2025/10/31 12:0 a.m.•3 views

PT-2025-44615

Name of the Vulnerable Software and Affected Versions StylemixThemes Masterstudy versions prior to 4.8.126 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the...

7.5CVSS6.4AI score0.00123EPSS

Exploits0References4

CNNVD•added 2025/10/31 12:0 a.m.•1 views

WordPress plugin Masterstudy 安全漏洞

WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...

7.5CVSS6.9AI score0.00123EPSS

Exploits0References1

Positive Technologies•added 2025/10/31 12:0 a.m.•6 views

PT-2025-44617

Name of the Vulnerable Software and Affected Versions Stylemix MasterStudy LMS versions prior to 3.6.28 Description A flaw exists in Stylemix MasterStudy LMS that allows for Blind SQL Injection due to improper neutralization of special elements within SQL commands. This issue potentially allows...

7.6CVSS7.3AI score0.00036EPSS

Exploits0References4

CNNVD•added 2025/10/31 12:0 a.m.•1 views

WordPress plugin MasterStudy LMS 安全漏洞

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

7.6CVSS8.1AI score0.00036EPSS

Exploits0References1

Patchstack•added 2025/10/30 10:43 p.m.•4 views

WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Masterstudy versions 4.8.126...

7.5CVSS7AI score0.00123EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/10/30 9:16 a.m.•1 views

CVE-2025-64211

Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...

5.3CVSS7AI score0.00041EPSS

Exploits0References1

RedhatCVE•added 2025/10/30 9:16 a.m.•1 views

CVE-2025-64210

Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...

5.4CVSS7AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2025/10/30 9:16 a.m.•1 views

CVE-2025-64212

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

5.4CVSS6.9AI score0.00054EPSS

Exploits0References1

Patchstack•added 2025/10/30 12:0 a.m.•4 views

WordPress Masterstudy Theme < 4.8.126 is vulnerable to Local File Inclusion

Software Masterstudy Type Theme Vulnerable versions 4.8.126 Fixed in 4.8.126 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2025-64364 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID c61c79de05c6 Credits João Pedro S Alcântara Kinorth...

7.5CVSS5.8AI score0.00123EPSS

Exploits0References1Affected Software1