Vulnerability history

WordPress MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode vulnerability

for Online Courses and Education plugin <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability

SQL Injection vulnerability

Sensitive Data Exposure vulnerability

Broken Access Control Vulnerability

Race Condition Vulnerability

Broken Access Control vulnerability

Broken Access Control vulnerability

Local File Inclusion vulnerability

Privilege Escalation to Instructor vulnerability

Broken Access Control vulnerability

Cross Site Request Forgery (CSRF) vulnerability

Missing Authorization vulnerability

Unauthenticated Local File Inclusion via template vulnerability

Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability

Unauthenticated Local File Inclusion via modal vulnerability

Missing Authorization to Sensitive Information Exposure in search_posts vulnerability

Basic Information Exposure via REST route vulnerability

Unauthenticated SQL Injection vulnerability

Unauthenticated Instructor Account Creation vulnerability

Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability

Broken Access Control vulnerability

Missing Authorization via wp_ajax_stm_wpcfto_get_settings vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability

Unauthenticated Admin Account Creation vulnerability