What is the CVSS score of CVE-2026-42730?

CVE-2026-42730 has a CVSS 3.1 base score of 8.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of MasterStudy LMS are affected by CVE-2026-42730?

The Stylemix MasterStudy LMS WordPress plugin (versions ≤3.7.29) contains a data exposure vulnerability that allows any student or instructor with a login account to access the entire WordPress…

MasterStudy LMS CVE-2026-42730

Q: How to fix or mitigate CVE-2026-42730?

Within 24 hours: identify all WordPress systems running MasterStudy LMS ≤3.7.29 and audit active student/instructor accounts. Within 7 days: restrict creation of new low-privilege accounts; implement database query monitoring and logging; require multi-factor authentication for administrative accounts. Within 30 days: contact Stylemix for patch status; evaluate LMS migration timeline; implement hardened database permissions and query-level access controls.

EUVD-2026-32185 HIGH

SQL Injection (CWE-89)

2026-05-27 audit@patchstack.com

GHSA-m566-c35v-7wr3

SQLi

8.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:49 vuln.today

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.

AnalysisAI

Blind SQL injection in the Stylemix MasterStudy LMS WordPress plugin (all versions through 3.7.29) lets authenticated low-privilege users inject crafted SQL into a backend database query, enabling extraction of arbitrary database contents including user credentials and configuration secrets. The CVSS 8.5 (scope-changed) rating reflects that a successful injection can reach data beyond the plugin's own scope, i.e. …

RemediationAI

Within 24 hours: identify all WordPress systems running MasterStudy LMS ≤3.7.29 and audit active student/instructor accounts. Within 7 days: restrict creation of new low-privilege accounts; implement database query monitoring and logging; require multi-factor authentication for administrative accounts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42730 vulnerability details – vuln.today

Back