Primary

Context

MasterStudy LMS WordPress Plugin Missing Authorization Vulnerability Allowing Unauthorized Data Modification and Deletion

Vulnerability

Patched

A vulnerability exists in the MasterStudy LMS WordPress Plugin for Online Courses and Education, affecting all versions through 3.7.6. The issue arises from inadequate capability checks on several REST API endpoints, allowing authenticated attackers with Subscriber-level access or higher to improperly modify or delete data. This vulnerability enables the upload or deletion of arbitrary media files, unauthorized changes to posts, and the creation or management of course templates.

Impact

Exploitation of this vulnerability could lead to unauthorized modification and deletion of data, including media files, posts, and course templates.

Remediation

Users are advised to update the MasterStudy LMS WordPress Plugin to version 3.7.7 or a newer patched version.

Added: Jan 6, 2026, 9:21 AM

Updated: Jan 6, 2026, 9:21 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.1

exploitability

6.1

remediation

7.7

relevance

1.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.1

exploitability

6.1

remediation

7.7

relevance

1.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MasterStudy LMS WordPress Plugin Missing Authorization Vulnerability Allowing Unauthorized Data Modification and Deletion

Vulnerability

Impact

Remediation

Affected Products

MasterStudy LMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating