Masterstudy Lms Pro
Approved changes feed: RSS · Atom
cpe:2.3:a:stylemixthemes:masterstudy_lms_pro:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Stylemixthemes (a955917c-2229-564b-bd01-1fb4beeda74f) |
|---|---|
| Product | Masterstudy Lms Pro (edb14f92-0397-51fe-9d59-3c61493bea72) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7438 |
vulnerable | 2026-06-03 15:12:31.269543 |
MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload
HIGH (7.5)
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is difficult to exploit due to timing requirements and environmental factors.
Published: 2025-07-18T06:45:33.113Z
Updated: 2026-04-08T16:38:08.249Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64214 |
vulnerable | 2026-06-03 15:09:37.489622 |
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability
HIGH (7.5)
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Published: 2025-12-18T07:22:12.176Z
Updated: 2026-04-28T16:14:10.851Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64213 |
vulnerable | 2026-06-03 15:09:37.489364 |
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability
HIGH (7.5)
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Published: 2025-12-18T07:22:11.993Z
Updated: 2026-04-28T18:25:18.141Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64212 |
vulnerable | 2026-06-03 15:09:37.489031 |
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Published: 2025-10-29T08:38:08.827Z
Updated: 2026-04-28T16:14:10.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4800 |
vulnerable | 2026-06-03 15:01:48.759657 |
MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload
HIGH (8.8)
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Published: 2025-05-28T05:24:21.802Z
Updated: 2026-04-08T17:19:53.840Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.