Skip to main content

Masterstudy Lms Pro

1 CVEs product

Monthly

CVE-2025-64215 MEDIUM PATCH This Month

Missing Authorization in StylemixThemes MasterStudy LMS Pro (WordPress plugin) exposes restricted LMS functionality to unauthenticated remote attackers, enabling unauthorized modification of course content or platform data and limited disruption of availability. All versions before 4.7.16 are affected, with the flaw rooted in the plugin's failure to enforce access control checks on certain endpoints - effectively allowing callers to bypass intended privilege gates entirely. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the low-complexity, unauthenticated attack surface warrants prompt patching on any publicly reachable WordPress installation.

Authentication Bypass Masterstudy Lms Pro
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing Authorization in StylemixThemes MasterStudy LMS Pro (WordPress plugin) exposes restricted LMS functionality to unauthenticated remote attackers, enabling unauthorized modification of course content or platform data and limited disruption of availability. All versions before 4.7.16 are affected, with the flaw rooted in the plugin's failure to enforce access control checks on certain endpoints - effectively allowing callers to bypass intended privilege gates entirely. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the low-complexity, unauthenticated attack surface warrants prompt patching on any publicly reachable WordPress installation.

Authentication Bypass Masterstudy Lms Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy