Skip to main content

MasterStudy LMS EUVDEUVD-2026-36976

| CVE-2026-40766 HIGH
SQL Injection (CWE-89)
2026-06-15 Patchstack GHSA-5px8-h7w4-rhfc
8.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
8.5 HIGH

Network-reachable WordPress endpoint, low complexity SQLi, requires Subscriber account (PR:L), no user interaction; SQL injection reads cross-schema data (S:C, C:H) with minor query disruption (A:L).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 22:13 vuln.today

DescriptionCVE.org

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

AnalysisAI

SQL injection in the MasterStudy LMS WordPress plugin (versions 3.7.25 and earlier) allows authenticated users at the Subscriber privilege level to inject crafted SQL into backend database queries, leading to high-impact disclosure of confidential database contents and limited availability degradation. The flaw was reported by Patchstack and carries a scope-changed CVSS 3.1 score of 8.5; no public exploit identified at time of analysis.

Technical ContextAI

MasterStudy LMS is a learning management system plugin (vendor StylemixThemes, CPE cpe:2.3:a:stylemixthemes:masterstudy_lms) used on WordPress sites to deliver courses, quizzes, and student enrollment workflows. The vulnerability is a CWE-89 SQL Injection, meaning user-controlled input reaches a SQL query without proper parameterization or escaping - a recurring class of bug in WordPress plugins that expose AJAX/REST endpoints to logged-in users including the low-privilege Subscriber role, which is created automatically when open registration is enabled. The S:C (scope changed) component of the CVSS vector indicates the injected SQL impacts a security authority beyond the vulnerable component itself, consistent with reading data across the entire wp_* schema (users, options, secret tokens) rather than only plugin-specific tables.

RemediationAI

Upstream fix available per Patchstack advisory; a specific patched release version is not stated in the provided data, so administrators should upgrade MasterStudy LMS to the latest available version above 3.7.25 from the WordPress plugin repository and verify the installed version after update. Until upgrade is possible, disable open user self-registration in WordPress (Settings → General → 'Anyone can register') to remove the trivial path to obtaining the Subscriber role required for exploitation - note this blocks new student signups, which may be unacceptable for LMS deployments and should be paired with a manual enrollment workflow. As a complementary control, place a Web Application Firewall such as Patchstack, Wordfence, or a managed-rules ModSecurity profile in front of the site to virtually patch the vulnerable endpoint, and audit existing Subscriber-role accounts for unexpected entries. Authoritative advisory: https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-7-25-sql-injection-vulnerability.

CVE-2024-1512 CRITICAL POC
9.8 Feb 17

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base

CVE-2024-3136 CRITICAL POC
9.8 Apr 09

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3

CVE-2022-0441 CRITICAL POC
9.8 Mar 07

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account,

CVE-2024-5973 HIGH POC
8.8 Jul 22

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor a

CVE-2023-4278 HIGH POC
7.5 Sep 11

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registra

CVE-2024-2411 CRITICAL
9.8 Mar 29

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3

CVE-2024-2409 CRITICAL
9.8 Mar 29

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3

CVE-2024-37094 CRITICAL
9.8 Nov 01

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Co

CVE-2026-57330 MEDIUM
6.5 Jun 29

Stored Cross-Site Scripting in the MasterStudy LMS WordPress plugin (versions <= 3.7.27) allows authenticated subscriber

CVE-2023-35093 MEDIUM
6.5 Jun 22

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin - for Online Courses and Educatio

CVE-2024-3942 MEDIUM
6.3 May 02

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to unauthoriz

CVE-2024-2106 MEDIUM
5.3 Mar 13

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to Informatio

Share

EUVD-2026-36976 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy