
MasterStudy LMS WordPress Plugin – for Online Courses and Education — Vulnerabilities & Security Advisories (12)

All 12 CVE vulnerabilities found in MasterStudy LMS WordPress Plugin – for Online Courses and Education, with AI-generated Chinese analysis, references, and POCs.

Vendor: StylemixThemes

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4817 | MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters | CWE-89 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode | CWE-79 | 6.4 | Medium | 2026-02-14 |
| CVE-2025-13766 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion | CWE-862 | 5.4 | Medium | 2026-01-06 |
| CVE-2024-3942 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization | CWE-862 | 6.3 | Medium | 2024-05-02 |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template | CWE-98 | 9.8 | Critical | 2024-04-09 |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts | CWE-862 | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action | CWE-266 | 9.8 | Critical | 2024-03-29 |
| CVE-2024-2411 | MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal | CWE-98 | 9.8 | Critical | 2024-03-29 |
| CVE-2024-2106 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route | CWE-200 | 5.3 | Medium | 2024-03-13 |
| CVE-2024-1512 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection | CWE-89 | 9.8 | Critical | 2024-02-17 |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control | CWE-862 | 6.5 | Medium | 2023-06-22 |
| CVE-2023-35090 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) | CWE-79 | 6.5 | Medium | 2023-06-22 |
