CVE-2025-64215
published 2026-06-15CVE-2025-64215: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects…
PriorityP335medium6.5CVSS 3.1
AVNACLPRNUINSUCNILAL
EPSS
0.20%
9.5th percentile
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemixthemes | masterstudy_lms_pro | >= n/a < 4.7.16 | 4.7.16 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
StylemixThemes MasterStudy LMS Pro Plugin up to 4.7.15 on WordPress authorization
vuldb·2026-06-15·CVSS 6.5
CVE-2025-64215 [MEDIUM] StylemixThemes MasterStudy LMS Pro Plugin up to 4.7.15 on WordPress authorization
A vulnerability classified as critical was found in StylemixThemes MasterStudy LMS Pro Plugin up to 4.7.15 on WordPress. The impacted element is an unknown function. Such manipulation leads to missing authorization.
This vulnerability is documented as CVE-2025-64215. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
ghsa_unreviewed·2026-06-15
CVE-2025-64215 [MEDIUM] CWE-862 Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-15
Published