14 matches found
CVE-2022-0441
CVE-2022-0441 concerns the WordPress plugin MasterStudy LMS (versions before 2.7.6). The issue stems from improper validation of parameters during account registration, enabling an unauthenticated user to register as an administrator and potentially access sensitive information or modify data. Th...
CVE-2024-1512
CVE-2024-1512 affects the MasterStudy LMS WordPress Plugin, all versions up to 3.2.5. The root cause is insufficient escaping and lack of proper SQL query preparation on the 'user' parameter of the /lms/stm-lms/order/items REST route, enabling union-based SQL injection. This allows unauthenticate...
CVE-2023-4278
CVE-2023-4278 affects the MasterStudy LMS WordPress Plugin (versions
CVE-2024-3136
CVE-2024-3136 : MasterStudy LMS WordPress plugin (
CVE-2024-1904
CVE-2024-1904 affects the MasterStudy LMS WordPress plugin (up to and including 3.2.13). The issue is a missing capability check in the search_posts function, allowing authenticated users with subscriber-level access or higher to view draft post titles and excerpts. Impact is unauthorized data ex...
CVE-2024-2411
CVE-2024-2411 affects MasterStudy LMS WordPress plugin (
CVE-2024-2106
CVE-2024-2106 affects MasterStudy LMS WordPress Plugin
CVE-2024-2409
MasterStudy LMS WordPress Plugin vulnerability overview (CVE-2024-2409): affects versions <= 3.3.1, enabling unauthenticated privilege escalation by abusing the _register_user() flow. The flaw requires MasterStudy LMS Pro with LMS Forms Editor add-on; it allows an attacker to supply arbitrary ...
CVE-2024-37093
CVE-2024-37093 describes a CSRF vulnerability in the WordPress plugin MasterStudy LMS by StylemixThemes, affecting versions n/a to 3.2.1. NVD lists CVSS v3.1 base score 8.8 (HIGH) with impact to confidentiality, integrity, and availability. The connected documents confirm the existence and scope ...
CVE-2024-3942
CVE-2024-3942 affects MasterStudy LMS WordPress Plugin (≤3.3.8): missing capability check enables authenticated users with Subscriber+ to read/modify course content, titles, and taxonomies. Impact: unauthorized data access/modification and data loss. Patch available; update to a fixed version as ...
CVE-2024-37094
CVE-2024-37094 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress MasterStudy LMS plugin, affecting versions up to 3.2.12. The connected sources describe a critical impact (C/H/I/A) with CVSS 3.1 scores indicating remote access, no user interaction required, and hig...
CVE-2024-5973
CVE-2024-5973 affects MasterStudy LMS WordPress Plugin prior to version 3.3.24. The vulnerability is an unauthenticated privilege escalation to instructor, allowing students to create instructor accounts and gain access to restricted functionalities. The issue is fixed in 3.3.24; upgrade to 3.3.2...
CVE-2023-35093
CVE-2023-35093 affects StylemixThemes MasterStudy LMS WordPress Plugin (
CVE-2023-35090
CVE-2023-35090 is a Stored XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin for Online Courses and Education, with affected versions cited as <= 3.0.7 (NVD) and