Masterstudy Lms CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (27 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-1904	1 Stylemixthemes	1 Masterstudy Lms	2026-04-08	4.3 Medium
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.
CVE-2024-5973	1 Stylemixthemes	1 Masterstudy Lms	2025-08-27	8.8 High
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
CVE-2023-4278	1 Stylemixthemes	1 Masterstudy Lms	2025-04-23	7.5 High
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
CVE-2023-35093	1 Stylemixthemes	1 Masterstudy Lms	2025-02-19	6.5 Medium
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more.
CVE-2024-37094	1 Stylemixthemes	1 Masterstudy Lms	2025-01-22	8.2 High
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.
CVE-2023-35090	1 Stylemixthemes	1 Masterstudy Lms	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.
CVE-2022-0441	1 Stylemixthemes	1 Masterstudy Lms	2024-11-21	9.8 Critical
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

« first previous Page 2 of 2.