Get Started

WordPress: Arbitrary File Upload in MasterStudy LMS Pro Plugin

by the Hossted team
28.05.2025

In MasterStudy LMS Pro plugin versions up to and including 4.7.0 a high severity vulnerability CVE-2025-4800 allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file type validation in the `stm_lms_add_assignment_attachment` function. This could potentially lead to remote code execution on the server. To address this issue, users should upgrade MasterStudy LMS Pro plugin to versions 4.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4800.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR