SQL Injection Vulnerability in MasterStudy LMS Pro Plus for WordPress
CVE-2026-8653

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Masterstudy Lms Pro
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-8653?

The MasterStudy LMS Pro Plus plugin for WordPress is susceptible to SQL Injection attacks through the 'columns' parameter. This vulnerability arises from inadequate escaping of user-supplied input, combined with insufficient parameter preparation in SQL queries. As a result, authenticated users with instructor-level access or higher can manipulate existing SQL queries, potentially leading to unauthorized access to sensitive information within the database. Website administrators are urged to apply available patches to safeguard against these security risks.

Affected Version(s)

MasterStudy LMS Pro 0 <= 4.8.20

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://stylemixthemes.com/wordpress-lms-plugin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
May 15, 2026

Credit

Rafie Muhammad

CVE-2026-8653 Data

JSON