Lucene search
K
StylemixthemesMasterstudy Lms

14 matches found

CVE
CVE
added 2022/03/07 8:16 a.m.164 views

CVE-2022-0441

CVE-2022-0441 concerns the WordPress plugin MasterStudy LMS (versions before 2.7.6). The issue stems from improper validation of parameters during account registration, enabling an unauthenticated user to register as an administrator and potentially access sensitive information or modify data. Th...

9.8CVSS9.4AI score0.84943EPSS
Web
CVE
CVE
added 2024/02/17 7:36 a.m.144 views

CVE-2024-1512

CVE-2024-1512 affects the MasterStudy LMS WordPress Plugin, all versions up to 3.2.5. The root cause is insufficient escaping and lack of proper SQL query preparation on the 'user' parameter of the /lms/stm-lms/order/items REST route, enabling union-based SQL injection. This allows unauthenticate...

9.8CVSS9.5AI score0.77729EPSS
Web
CVE
CVE
added 2023/09/11 7:46 p.m.126 views

CVE-2023-4278

CVE-2023-4278 affects the MasterStudy LMS WordPress Plugin (versions

7.5CVSS7.3AI score0.03495EPSS
CVE
CVE
added 2024/04/09 6:59 p.m.103 views

CVE-2024-3136

CVE-2024-3136 : MasterStudy LMS WordPress plugin (

9.8CVSS9.8AI score0.05018EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.96 views

CVE-2024-1904

CVE-2024-1904 affects the MasterStudy LMS WordPress plugin (up to and including 3.2.13). The issue is a missing capability check in the search_posts function, allowing authenticated users with subscriber-level access or higher to view draft post titles and excerpts. Impact is unauthorized data ex...

4.3CVSS8.9AI score0.00468EPSS
CVE
CVE
added 2024/03/29 8:31 a.m.93 views

CVE-2024-2411

CVE-2024-2411 affects MasterStudy LMS WordPress plugin (

9.8CVSS9.8AI score0.0154EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.87 views

CVE-2024-2106

CVE-2024-2106 affects MasterStudy LMS WordPress Plugin

7.5CVSS5.6AI score0.00802EPSS
CVE
CVE
added 2024/03/29 8:31 a.m.82 views

CVE-2024-2409

MasterStudy LMS WordPress Plugin vulnerability overview (CVE-2024-2409): affects versions <= 3.3.1, enabling unauthenticated privilege escalation by abusing the _register_user() flow. The flaw requires MasterStudy LMS Pro with LMS Forms Editor add-on; it allows an attacker to supply arbitrary ...

9.8CVSS9.3AI score0.00834EPSS
CVE
CVE
added 2025/01/02 12:0 p.m.65 views

CVE-2024-37093

CVE-2024-37093 describes a CSRF vulnerability in the WordPress plugin MasterStudy LMS by StylemixThemes, affecting versions n/a to 3.2.1. NVD lists CVSS v3.1 base score 8.8 (HIGH) with impact to confidentiality, integrity, and availability. The connected documents confirm the existence and scope ...

8.8CVSS5.9AI score0.00207EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.65 views

CVE-2024-3942

CVE-2024-3942 affects MasterStudy LMS WordPress Plugin (≤3.3.8): missing capability check enables authenticated users with Subscriber+ to read/modify course content, titles, and taxonomies. Impact: unauthorized data access/modification and data loss. Patch available; update to a fixed version as ...

6.3CVSS6.5AI score0.00384EPSS
CVE
CVE
added 2024/11/01 1:52 p.m.63 views

CVE-2024-37094

CVE-2024-37094 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress MasterStudy LMS plugin, affecting versions up to 3.2.12. The connected sources describe a critical impact (C/H/I/A) with CVSS 3.1 scores indicating remote access, no user interaction required, and hig...

9.8CVSS8.3AI score0.00397EPSS
CVE
CVE
added 2024/07/22 6:0 a.m.59 views

CVE-2024-5973

CVE-2024-5973 affects MasterStudy LMS WordPress Plugin prior to version 3.3.24. The vulnerability is an unauthenticated privilege escalation to instructor, allowing students to create instructor accounts and gain access to restricted functionalities. The issue is fixed in 3.3.24; upgrade to 3.3.2...

9.1CVSS6.4AI score0.00493EPSS
CVE
CVE
added 2023/06/22 11:7 a.m.54 views

CVE-2023-35093

CVE-2023-35093 affects StylemixThemes MasterStudy LMS WordPress Plugin (

6.5CVSS6.7AI score0.00555EPSS
CVE
CVE
added 2023/06/22 10:33 a.m.49 views

CVE-2023-35090

CVE-2023-35090 is a Stored XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin for Online Courses and Education, with affected versions cited as <= 3.0.7 (NVD) and

6.5CVSS5.5AI score0.00377EPSS