SQL Injection Vulnerability in Stylemix MasterStudy LMS
CVE-2025-64366

7.6HIGH

Key Information:

Vendor: WordPress
Status: Masterstudy Lms
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-64366?

An SQL Injection vulnerability exists in Stylemix's MasterStudy LMS plugin, allowing attackers to execute blind SQL injection attacks. This flaw affects versions from n/a through 3.6.27, enabling unauthorized access to sensitive data or manipulation of database operations, potentially compromising site integrity and user information.

Affected Version(s)

MasterStudy LMS <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/mast...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

YC_Infosec | Patchstack Bug Bounty Program

JSON