Description
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
Published: 2025-09-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MasterStudy LMS plugin contains a race condition in shared resource handling, which can be exploited by concurrently executing requests. The flaw, classified as CWE-362, allows attackers to manipulate the order of operations, potentially leading to inconsistent data states or incorrect processing within the plugin. The CVSS score of 4.3 indicates a moderate, non-trivial impact that warrants careful assessment.

Affected Systems

Stylemix’s MasterStudy LMS plugin is affected in all releases up to and including version 3.6.20. Any WordPress site that has installed this plugin within that version range is potentially vulnerable. The vulnerability is tied specifically to the plugin’s internal race‑condition handling rather than the WordPress core.

Risk and Exploitability

The EPSS score of < 1% reflects a low probability of exploitation in the wild as of the last measurement, and the issue is not listed in the CISA KEV catalog. The attack vector is inferred to be via concurrent HTTP requests to the plugin’s endpoints, requiring an authenticated user or a privileged role such as an instructor or administrator. Successful exploitation could alter lesson data, access permissions, or other LMS features. The moderate CVSS score and low EPSS suggest a moderate risk, but site owners should still evaluate potential business impact if the LMS is critical to operations.

Generated by OpenCVE AI on April 30, 2026 at 06:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MasterStudy LMS to a version newer than 3.6.20 once an official patch is available.
  • If no update is possible, consider disabling the plugin or removing it from production environments to eliminate the race condition threat.
  • Monitor LMS activity logs for abnormal concurrent access patterns that might indicate exploitation attempts.
  • Apply regular WordPress and plugin updates to mitigate future vulnerabilities.

Generated by OpenCVE AI on April 30, 2026 at 06:13 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-30462
Title: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.
  Values Added: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Tue, 23 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Stylemixthemes
Stylemixthemes masterstudy Lms
Wordpress
Wordpress wordpress
Vendors & Products Stylemixthemes
Stylemixthemes masterstudy Lms
Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
Description Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.
Title WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:52.760Z

Reserved: 2025-09-17T18:01:03.001Z

Link: CVE-2025-59577

Vulnrichment

Updated: 2025-09-23T17:48:14.998Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:26.047

Modified: 2026-04-23T15:34:05.320

Link: CVE-2025-59577

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T06:15:29Z

Weaknesses