Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Network-reachable WordPress endpoint, low complexity SQLi, requires Subscriber account (PR:L), no user interaction; SQL injection reads cross-schema data (S:C, C:H) with minor query disruption (A:L).
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
AnalysisAI
SQL injection in the MasterStudy LMS WordPress plugin (versions 3.7.25 and earlier) allows authenticated users at the Subscriber privilege level to inject crafted SQL into backend database queries, leading to high-impact disclosure of confidential database contents and limited availability degradation. The flaw was reported by Patchstack and carries a scope-changed CVSS 3.1 score of 8.5; no public exploit identified at time of analysis.
Technical ContextAI
MasterStudy LMS is a learning management system plugin (vendor StylemixThemes, CPE cpe:2.3:a:stylemixthemes:masterstudy_lms) used on WordPress sites to deliver courses, quizzes, and student enrollment workflows. The vulnerability is a CWE-89 SQL Injection, meaning user-controlled input reaches a SQL query without proper parameterization or escaping - a recurring class of bug in WordPress plugins that expose AJAX/REST endpoints to logged-in users including the low-privilege Subscriber role, which is created automatically when open registration is enabled. The S:C (scope changed) component of the CVSS vector indicates the injected SQL impacts a security authority beyond the vulnerable component itself, consistent with reading data across the entire wp_* schema (users, options, secret tokens) rather than only plugin-specific tables.
RemediationAI
Upstream fix available per Patchstack advisory; a specific patched release version is not stated in the provided data, so administrators should upgrade MasterStudy LMS to the latest available version above 3.7.25 from the WordPress plugin repository and verify the installed version after update. Until upgrade is possible, disable open user self-registration in WordPress (Settings → General → 'Anyone can register') to remove the trivial path to obtaining the Subscriber role required for exploitation - note this blocks new student signups, which may be unacceptable for LMS deployments and should be paired with a manual enrollment workflow. As a complementary control, place a Web Application Firewall such as Patchstack, Wordfence, or a managed-rules ModSecurity profile in front of the site to virtually patch the vulnerable endpoint, and audit existing Subscriber-role accounts for unexpected entries. Authoritative advisory: https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-7-25-sql-injection-vulnerability.
More in Masterstudy Lms
View allThe MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account,
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor a
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registra
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Co
Stored Cross-Site Scripting in the MasterStudy LMS WordPress plugin (versions <= 3.7.27) allows authenticated subscriber
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin - for Online Courses and Educatio
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to unauthoriz
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to Informatio
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36976
GHSA-5px8-h7w4-rhfc