CVE-2025-54744
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stylemixthemes | masterstudy_lms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54744 is a broken access control vulnerability (CWE-862, missing authorization) in the WordPress MasterStudy LMS plugin up to and including version 3.6.15. Certain plugin functions do not perform the authorization, authentication, or nonce token checks that WordPress handlers normally require, so an authenticated but low-privileged user (Subscriber-level) can invoke actions that are meant for higher-privileged users. The practical effect is privilege escalation within the site. [1]
How can this vulnerability impact me?
An attacker who holds, or can register, a low-privilege account on the site can use this flaw to perform actions reserved for higher-privileged users inside the MasterStudy LMS plugin. This can lead to unauthorized changes to, or control over, the LMS environment, compromising the integrity of the system and its data. It poses a moderate security risk to affected WordPress sites running the vulnerable plugin versions, and the risk is higher on sites that allow open user registration. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is version based: a site running the MasterStudy LMS plugin at version 3.6.15 or earlier is vulnerable. Verify the installed version in the WordPress admin dashboard (Plugins page) or, with WP-CLI on the server, run `wp plugin list | grep masterstudy-lms` and compare the version column against 3.6.16, the first fixed release. Additionally, reviewing site and web server logs for Subscriber-level accounts performing plugin actions they should not have access to can indicate exploitation attempts. No network-level signature or command for directly detecting this vulnerability is provided. [1]
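The following script is an added example and is not code from BaseFortify, Patchstack, or the plugin vendor. It wraps the WP-CLI check described above into a reusable function: it parses `wp plugin list --fields=name,status,version --format=csv` output, picks out rows whose slug contains `masterstudy-lms`, and flags any version below 3.6.16 (the first fixed release named on this page). The plugin slug used in the constructed sample data, `masterstudy-lms-learning-management-system`, is an assumption; the page only gives the `masterstudy-lms` substring that the grep matches on.

```shell
#!/bin/sh
# Added example, not vendor or BaseFortify code. Checks whether an installed
# MasterStudy LMS version is at or below 3.6.15 (vulnerable to CVE-2025-54744).
# Assumptions: WP-CLI is available on the host, and the plugin slug contains the
# substring "masterstudy-lms" (the exact slug is assumed, not given on the page).

FIXED_VERSION="3.6.16"   # first release carrying the official fix, per this page

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Compares up to three numeric components; a trailing suffix such as "-beta"
# is stripped and a missing component is treated as 0.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# is_vulnerable VERSION: exit 0 when VERSION is 3.6.15 or earlier.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_plugin_csv: reads CSV with columns name,status,version on stdin
# (the shape of `wp plugin list --fields=name,status,version --format=csv`),
# prints a verdict per masterstudy-lms row, and exits 0 if any row is vulnerable.
check_plugin_csv() {
    found=1
    while IFS=, read -r name status version; do
        case "$name" in
            *masterstudy-lms*) ;;
            *) continue ;;
        esac
        if is_vulnerable "$version"; then
            echo "VULNERABLE: $name $version (status: $status) is below $FIXED_VERSION"
            found=0
        else
            echo "ok: $name $version"
        fi
    done
    return "$found"
}

# Constructed sample output (not real site data), using an assumed plugin slug.
SAMPLE_CSV='name,status,version
akismet,inactive,5.3
masterstudy-lms-learning-management-system,active,3.6.15'

# Offline demo:  sh check_masterstudy.sh --demo
# Live check:    wp plugin list --fields=name,status,version --format=csv | check_plugin_csv
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CSV" | check_plugin_csv
fi
```

Run the live check as the web server user (or with `--allow-root` only if you understand the implications) so WP-CLI loads the same plugin directory the site uses; a non-zero exit from `check_plugin_csv` means no vulnerable MasterStudy LMS row was found, not that the plugin is absent, so read the printed lines as well.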
What immediate steps should I take to mitigate this vulnerability?
The most effective action is to update the MasterStudy LMS plugin to version 3.6.16 or later, which contains the official fix. Until that update is applied, the virtual patch (vPatch) provided by Patchstack can temporarily block attacks targeting this vulnerability. Enabling automatic plugin updates, and using a security platform such as Patchstack for continuous protection, reduces the window of exposure for this and future plugin vulnerabilities. [1]