MasterStudy LMS – Online Courses, eLearning PRO Plus

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is difficult to exploit due to timing requirements and environmental factors.

Basic Information

ID CVE-2025-7438

Source Wordfence

Published Jul 18, 2025 at 06:45

Modified Jul 18, 2025 at 13:03

Affected Product

Vendor StylemixThemes

Product MasterStudy LMS Pro

Version *

Affected Versions StylemixThemes MasterStudy LMS Pro *

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is difficult to exploit due to timing requirements and environmental factors.",
    "published": "2025-07-18T06:45:33.113Z",
    "modified": "2025-07-18T13:03:14.604Z",
    "type": "cve",
    "title": "MasterStudy LMS \u2013 Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab970f5-35d1-43e9-891c-87a2a3e464c6?source=cve\nhttps://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version",
    "id": "CVE-2025-7438",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "StylemixThemes MasterStudy LMS Pro *",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MasterStudy LMS Pro",
    "version": "*",
    "vendor": "StylemixThemes",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload_CVE-2025-7438