Approved changes feed: RSS · Atom

cpe:2.3:a:stylemix:masterstudy_lms_wordpress_plugin_–_for_online_courses_and_education:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorStylemix (c2170171-f70b-5bf4-89aa-da5048b14251)
ProductMasterstudy Lms Wordpress Plugin – For Online Courses And Education (71b5bd7c-a661-51aa-b493-06d0b92e717b)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-4817 vulnerable 2026-06-08 08:07:02.419068 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
MEDIUM (6.5)
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient input sanitization combined with a design flaw in the custom Query builder class that allows unquoted SQL injection in ORDER BY clauses. When the Query builder detects parentheses in the sort_by parameter, it treats the value as a SQL function and directly concatenates it into the ORDER BY clause without any quoting. While esc_sql() is applied to escape quotes and backslashes, this cannot prevent ORDER BY injection when the values themselves are not wrapped in quotes in the resulting SQL statement. This makes it possible for authenticated attackers, with subscriber-level access and above, to append arbitrary SQL queries via the ORDER BY clause to extract sensitive information from the database including user credentials, session tokens, and other confidential data through time-based blind SQL injection techniques.
Published: 2026-04-17T01:24:37.193Z
Updated: 2026-04-17T18:39:48.201Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-0559 vulnerable 2026-06-08 07:47:12.536029 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode
MEDIUM (6.4)
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-02-14T06:42:32.152Z
Updated: 2026-04-08T17:16:07.986Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-13766 vulnerable 2026-06-08 07:06:32.656343 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion
MEDIUM (5.4)
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload or delete arbitrary media files, delete or modify posts, and create/manage course templates
Published: 2026-01-06T08:21:48.418Z
Updated: 2026-04-08T16:42:51.744Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3942 vulnerable 2026-06-08 06:43:51.947656 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization
MEDIUM (6.3)
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.
Published: 2024-05-02T16:52:11.285Z
Updated: 2026-04-08T16:57:40.453Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3136 vulnerable 2026-06-08 06:41:52.552062 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
CRITICAL (9.8)
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Published: 2024-04-09T18:59:08.441Z
Updated: 2026-04-08T17:11:02.846Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2411 vulnerable 2026-06-08 06:33:31.050658 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2409 vulnerable 2026-06-08 06:33:31.046542 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2106 vulnerable 2026-06-08 06:33:30.355724 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1904 vulnerable 2026-06-08 06:27:14.891895 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1512 vulnerable 2026-06-08 06:25:40.314065 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.