Stylemixthemes Masterstudy Lms — known CVE vulnerabilities
Every CVE whose affected-product data names Stylemixthemes Masterstudy Lms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2022-0441 — CVSS 9.8 (critical): The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing…
CVE-2024-1512 — CVSS 9.8 (critical): The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection…
CVE-2024-2409 — CVSS 9.8 (critical): The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to…
CVE-2024-2411 — CVSS 9.8 (critical): The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal'…
CVE-2024-3136 — CVSS 9.8 (critical): The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the…
CVE-2024-5973 — CVSS 8.8 (high): The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which…
CVE-2024-37094 — CVSS 8.2 (high): Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security…
CVE-2023-4278 — CVSS 7.5 (high): The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing…
CVE-2023-35093 — CVSS 6.5 (medium): Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8…
CVE-2024-3942 — CVSS 6.3 (medium): The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access…
CVE-2024-2106 — CVSS 5.3 (medium): The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in…
CVE-2024-1904 — CVSS 4.3 (medium): The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts…