cvebase

StylemixThemes MasterStudy LMS Pro vulnerabilities

7 known vulnerabilities affecting stylemixthemes/masterstudy_lms_pro.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 3

Vulnerabilities

CVE-2025-4800 | P2 | HIGH | CVSS 8.8 | ≤ 4.7.0 | 2025-05-28
CWE-434: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected sit
Source: nvd
CVE-2025-7438 | P3 | HIGH | CVSS 7.5 | ≤ 4.7.9 | 2025-07-18
CWE-434: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site
Source: nvd
CVE-2025-64214 | P3 | HIGH | CVSS 7.5 | ≤ 4.7.16 | 2025-12-18
CWE-862: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Source: nvd
CVE-2025-64213 | P3 | HIGH | CVSS 7.5 | ≤ 4.7.16 | 2025-12-18
CWE-201: Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data. This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Source: nvd
CVE-2026-8653 | P3 | MEDIUM | CVSS 6.5 | ≤ 4.8.20 | 2026-06-04
CWE-89: The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with instructor-le
Source: nvd
CVE-2025-64215 | P3 | MEDIUM | CVSS 6.5 | ≥ n/a, < 4.7.16 | 2026-06-15
CWE-862: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.
Source: nvd
CVE-2025-64212 | P4 | MEDIUM | CVSS 5.4 | ≤ 4.7.16 | 2025-10-29
CWE-862: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Source: nvd