The vulnerability is a missing authorization flaw in the StylemixThemes MasterStudy LMS Pro plugin that permits users to bypass configured access control levels and access or manipulate LMS content that should be restricted. Compromise of protected data or unauthorized control of learning resources can lead to confidentiality and integrity violations. The description does not explicitly state the specific exploitation methods; it is inferred that the attacker can achieve this through the web interface by providing legitimate user credentials or targeting users with elevated privileges.

The issue affects all installations of MasterStudy LMS Pro from the initial release through version 4.7.15. Sites running that plugin on WordPress without having applied the 4.7.16 update are vulnerable.

The CVSS score of 5.4 indicates a moderate severity, while the very low EPSS score (<1%) suggests that exploitation is currently unlikely in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker could exploit this flaw remotely via the web interface, assuming they can supply legitimate user credentials or exploit a user with elevated privileges to access looser‑controlled areas of the LMS. The attack vector and credential assumptions are not explicitly stated in the description but are inferred based on the nature of the flaw.