Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

MasterStudy LMS — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in MasterStudy LMS, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with MasterStudy LMS, a widely used Learning Management System plugin for WordPress. It serves as a centralized resource for tracking identified weaknesses within this specific software product, focusing on issues reported by vendors and security researchers. The content collected here encompasses a broad spectrum of vulnerability types, including cross-site scripting (XSS), authorization bypasses, insecure direct object references, and information disclosure flaws. The historical data ranges from the earliest publicly disclosed issues to the most recent advisories, providing a comprehensive timeline of security incidents affecting the product. This temporal scope allows users to analyze trends in vulnerability introduction and remediation over time, offering insights into the long-term security posture of the software. Visitors to this page can discover valuable intelligence regarding the security lifecycle of MasterStudy LMS. You can track vendor advisories to understand how reported issues were addressed and patched. Furthermore, the aggregated data helps users understand specific weakness classes prevalent in LMS environments and provides a detailed look at the product’s vulnerability history. This information is essential for administrators, developers, and security auditors who need to assess risk, prioritize updates, and implement effective mitigation strategies. By reviewing the accumulated records, stakeholders can make informed decisions about deployment configurations and patch management schedules, ensuring a more secure learning management environment.

Vendor: StylemixThemes

CVE IDTitleCVSSSeverityPublished
CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-06-29
CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability CWE-862 4.3 Medium2026-06-26
CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability CWE-89 8.5 High2026-06-15
CVE-2026-42730 WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability CWE-89 8.5 High2026-05-27
CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability CWE-89 7.6 High2025-10-31
CVE-2025-59575 WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability CWE-497 4.9 Medium2025-10-22
CVE-2025-59576 WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability CWE-862 6.5 Medium2025-09-22
CVE-2025-59577 WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability CWE-362 4.3 Medium2025-09-22
CVE-2025-54744 WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability CWE-862 6.5 Medium2025-09-05
CVE-2025-32237 WordPress MasterStudy LMS plugin <= 3.5.28 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-04-04
CVE-2025-32141 WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability CWE-98 8.8 High2025-04-04
CVE-2024-37093 WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2025-01-02
CVE-2024-37094 WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability CWE-862 8.2 High2024-11-01

All 13 known CVE vulnerabilities affecting MasterStudy LMS with full Chinese analysis, references, and POCs where available.