CVE-2025-4800

Name of the Vulnerable Software and Affected Versions MasterStudy LMS Pro plugin for WordPress versions up to, and including, 4.7.0

Description The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm lms add assignment attachment function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For MasterStudy LMS Pro plugin for WordPress versions up to, and including, 4.7.0: Update to a version higher than 4.7.0 to fix the arbitrary file upload vulnerability. As a temporary workaround, consider disabling the stm lms add assignment attachment function until a patch is available. Restrict access to the affected plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.