cleantalk
Vulnerabilities and Security Researches

MasterStudy LMS WordPress Plugin – for Online Courses and Education, CVE-2025-13766

CVE, Research URL

CVE-2025-13766

Home page URL

Security reports for MasterStudy LMS WordPress Plugin – for Online Courses and Education

Application

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Published on
Jan 06, 2026
Research Description
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload or delete arbitrary media files, delete or modify posts, and create/manage course templates
Affected versions
max 3.7.7.
Status
vulnerable
Previous vulnerability researches
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-59577) , Apr 24, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-32141) , Apr 05, 2025
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-59576) , Apr 24, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-54744) , Sep 06, 2025
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-32237) , Apr 05, 2025
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026