PT-2026-1424 · WordPress · Wordpress+1
Thinnawarth Mathuros
Published: 2026-01-06 · Updated: 2026-01-06
CVE-2025-13766
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MasterStudy LMS WordPress Plugin versions through 3.7.6
Description
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a lack of appropriate capability checks on several REST API endpoints. Authenticated attackers possessing Subscriber-level access or higher can exploit this to perform actions such as uploading or deleting arbitrary media files, modifying or deleting posts, and creating or managing course templates.
Recommendations
Update to a version beyond 3.7.6.
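The weakness class in the description (REST endpoints registered without a capability check) can be looked for statically in plugin or theme source. The Python script below is an added example, not code from the advisory or from MasterStudy LMS: it walks `register_rest_route()` calls and classifies each route's `permission_callback`. The `example-lms/v1` routes, the callback names and the status labels are hypothetical, the sample PHP is constructed, and the classification is a text heuristic rather than a PHP parser.

```python
import re
# Constructed sample input: hypothetical routes, not taken from MasterStudy LMS.
SAMPLE_PHP = r"""
register_rest_route( 'example-lms/v1', '/media/(?P<id>\d+)', array(
    'methods' => 'DELETE', 'callback' => 'example_delete_media',
    'permission_callback' => 'is_user_logged_in',
) );
register_rest_route( 'example-lms/v1', '/templates', array(
    'methods' => 'POST', 'callback' => 'example_create_template',
) );
register_rest_route( 'example-lms/v1', '/posts/(?P<id>\d+)', array(
    'methods' => 'POST', 'callback' => 'example_update_post',
    'permission_callback' => function ( $request ) {
        return current_user_can( 'edit_post', (int) $request['id'] );
    },
) );
"""

def route_calls(src):
    """Yield the argument text of every register_rest_route(...) call."""
    for m in re.finditer(r"register_rest_route\s*\(", src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            c = src[i]
            if c in "'\"":  # skip string literals so parentheses inside them are ignored
                i += 1
                while i < len(src) and src[i] != c:
                    i += 2 if src[i] == "\\" else 1
            elif c in "()":
                depth += 1 if c == "(" else -1
            i += 1
        yield src[m.end():i - 1]

def audit(src):
    """Return (route, status) pairs; 'missing' and 'weak' routes need fixing first."""
    out = []
    for args in route_calls(src):
        ns, path = re.findall(r"'((?:[^'\\]|\\.)*)'", args)[:2]
        perm = re.search(r"'permission_callback'\s*=>\s*(.*)", args, re.S)
        if perm is None:
            status = "missing"           # no authorization callback at all
        elif re.match(r"'(__return_true|is_user_logged_in)'", perm.group(1)):
            status = "weak"              # no capability checked; a Subscriber passes
        elif "current_user_can" in perm.group(1):
            status = "capability-check"  # still confirm the capability fits the action
        else:
            status = "review"            # named callback: inspect its body by hand
        out.append((ns + path, status))
    return out
```

Call `audit()` on the contents of each PHP file under the plugin directory; routes reported as `review` delegate to a named function whose body has to be read to confirm it calls `current_user_can()`.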
Fix
Missing Authorization
Weakness Enumeration
Related identifiers
Affected products
Masterstudy Lms
Wordpress