SQL Injection Vulnerability in Stylemix MasterStudy LMS by Stylemix
CVE-2026-42730

8.5HIGH

Key Information:

Vendor: WordPress
Status: Masterstudy Lms
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42730?

A vulnerability has been identified in the Stylemix MasterStudy Learning Management System that allows unauthorized users to manipulate SQL queries through improper neutralization of special elements. This security flaw, impacting versions up to and including 3.7.29 of the MasterStudy LMS, facilitates blind SQL injection attacks, potentially granting attackers access to sensitive databases. It is crucial for users to update to the latest patch to safeguard their systems and protect sensitive information from exploitation.

Affected Version(s)

MasterStudy LMS 0 <= 3.7.29

References

https://patchstack.com/database/Wordpress/Plugin/masterst...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

walow | Patchstack Bug Bounty Program

CVE-2026-42730 Data

JSON