MasterStudy LMS WordPress Plugin – for Online Courses and Education

Vulnerabilities 30Slug masterstudy-lms-learning-management-systemLatest version 3.7.31WordPress.org →

Minimum safe version

3.7.26

Update to 3.7.26 or later to address 30 fixable vulnerabilities

Latest available3.7.31
N/A
2026-04-21< 3.7.26

MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.25 - Authenticated (Subscriber+) SQL Injection

WordfenceCVE
Medium 4.3
2025-09-22< 3.6.21

MasterStudy LMS <= 3.6.20 - Authenticated (Subscriber+) Race Condition to Multiple Reviews

WordfenceEUVDCVE
Medium 6.5
2025-09-22< 3.6.21

MasterStudy LMS <= 3.6.20 - Missing Authorization

WordfenceEUVDCVE
N/A
2026-02-13< 3.7.12

MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode

WordfenceCVE
N/A
2023-07-19< 2.8.0

WordPress MasterStudy LMS Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

PatchstackWPScanCVE
N/A
2023-04-04< 2.9.35

WordPress MasterStudy LMS Plugin <= 2.9.34 is vulnerable to Broken Access Control

Patchstack
N/A
2023-04-03< 2.9.35

MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings

Wordfence
N/A
2022-02-28< 2.8.0

WordPress MasterStudy LMS plugin < 2.8.0 - Sensitive Information Disclosure vulnerability

Patchstack
N/A
2022-02-28< 2.8.0

WordPress MasterStudy LMS plugin < 2.8.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack