MasterStudy LMS
Stylemix
Developer
3.7.12
Latest version
10,000
Installations
No date
Last updated
Vulnerability history
0 present
26 fixed
15 Mitigation rules
- for Online Courses and Education plugin <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability<= 3.7.6Jan 5, 2026
- SQL Injection vulnerability<= 3.6.27Nov 15, 2025
- Sensitive Data Exposure vulnerability<= 3.6.20Oct 16, 2025
- Broken Access Control Vulnerability<= 3.6.20Sep 22, 2025
- Race Condition Vulnerability<= 3.6.20Sep 22, 2025
- Broken Access Control vulnerability<= 3.6.15Sep 3, 2025
- Broken Access Control vulnerability<= 3.5.28Apr 4, 2025
- Local File Inclusion vulnerability<= 3.5.28Apr 4, 2025
- Privilege Escalation to Instructor vulnerability< 3.3.24Jul 22, 2024
- Broken Access Control vulnerability<= 3.2.12Jun 20, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.2.1Jun 20, 2024
- Missing Authorization vulnerability<= 3.3.8Apr 30, 2024
- Unauthenticated Local File Inclusion via template vulnerability<= 3.3.3Apr 5, 2024
- Unauthenticated Privilege Escalation via stm_lms_register AJAX Action vulnerability<= 3.3.1Apr 1, 2024
- Unauthenticated Local File Inclusion via modal vulnerability<= 3.3.0Apr 1, 2024
- Missing Authorization to Sensitive Information Exposure in search_posts vulnerability<= 3.2.13Mar 18, 2024
- Basic Information Exposure via REST route vulnerability<= 3.2.10Mar 7, 2024
- Unauthenticated SQL Injection vulnerability<= 3.2.5Feb 19, 2024
- Unauthenticated Instructor Account Creation vulnerability< 3.0.18Sep 12, 2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.7.9Jul 19, 2023
- Cross Site Scripting (XSS) vulnerability<= 3.0.8Jun 15, 2023
- Broken Access Control vulnerability<= 3.0.8Jun 15, 2023
- Missing Authorization via wp_ajax_stm_wpcfto_get_settings vulnerability<= 2.9.34Apr 4, 2023
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability< 2.8.0Feb 28, 2022
- Sensitive Information Disclosure vulnerability< 2.8.0Feb 28, 2022
- Unauthenticated Admin Account Creation vulnerability<= 2.7.5Feb 1, 2022