cleantalk
Vulnerabilities and Security Researches

MasterStudy LMS WordPress Plugin – for Online Courses and Education, CVE-2025-64366

CVE, Research URL

CVE-2025-64366

Home page URL

Security reports for MasterStudy LMS WordPress Plugin – for Online Courses and Education

Application

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Published on
Oct 31, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27.
Affected versions
max 3.6.27.
Status
vulnerable
Previous vulnerability researches
My Favorites (CVE-2024-37114) , Jun 24, 2024
My Favorites (CVE-2024-49263) , Oct 18, 2024
New vulnerability
Whydonate &#8211; FREE Donate button &#8211; Crowdfunding &#8211; Fundraising (CVE-2025-10186) , Nov 11, 2025
Whydonate &#8211; FREE Donate button &#8211; Crowdfunding &#8211; Fundraising (CVE-2025-49899) , Nov 11, 2025
WP Popup Builder &#8211; Popup Forms and Marketing Lead Generation (CVE-2025-62902) , Nov 11, 2025
WP Tactical Popup (CVE-2025-58921) , Nov 11, 2025
LMB^Box Smileys (CVE-2025-12400) , Nov 11, 2025