Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.7.29.
Published: 2026-05-27
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements in a database query allows a blind SQL injection in the Stylemix MasterStudy LMS WordPress plugin. This is a CWE-89 vulnerability that can enable an attacker to read or modify data stored in the plugin’s database, potentially compromising the confidentiality and integrity of stored information. The high CVSS score of 8.5 reflects the severity of the potential data breach.

Affected Systems

The vulnerability exists in the Stylemix MasterStudy LMS plugin from earlier versions through 3.7.29. Any WordPress site that has installed one of these affected versions is at risk, regardless of the site’s overall user base.

Risk and Exploitability

Based on the description, it is inferred that the attack can be carried out via crafted HTTP requests to the plugin’s public endpoints, likely without requiring authentication, which makes any accessible WordPress site a potential target. Although the EPSS score is not available, the combination of a high CVSS rating and the lack of a KEV listing suggests this is a serious but not yet widely exploited flaw.

Generated by OpenCVE AI on May 27, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MasterStudy LMS plugin to the latest released version that addresses the SQL injection flaw.
  • Apply web application firewall rules to block or sanitize suspicious SQL query patterns targeting the plugin’s endpoints.
  • Restrict or disable the plugin’s administrative functions until an official patch can be applied.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 10:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.7.29.
Title | | WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:53:08.025Z

Reserved: 2026-04-29T09:05:25.569Z

Link: CVE-2026-42730

Vulnrichment

Updated: 2026-05-27T10:53:00.942Z

NVD

Status: Received

Published: 2026-05-27T11:16:19.413

Modified: 2026-05-27T11:16:19.413

Link: CVE-2026-42730

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T12:30:25Z

Weaknesses