CVE-2026-57330
Received Received - Intake

Subscriber XSS in MasterStudy LMS <= 3.7.27

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Patchstack

Description
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-57330
EUVD
EUVD-2026-40101

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
masterstudy lms to 3.7.27 (inc)
masterstudy masterstudy_lms to 3.7.27 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57330 is a Cross Site Scripting (XSS) vulnerability found in the WordPress MasterStudy LMS Plugin versions 3.7.27 and below.

This vulnerability allows attackers to inject malicious scripts into the website, which can execute when visitors access the site.

Exploitation requires a privileged user to interact with a crafted link, page, or form.

The issue is classified as medium severity with a CVSS score of 6.5 and falls under the OWASP Top 10 category A3: Injection.

Compliance Impact

The vulnerability is a Cross Site Scripting (XSS) issue that allows attackers to inject malicious scripts, potentially leading to unauthorized actions on affected websites.

Such vulnerabilities can impact compliance with standards like GDPR and HIPAA because they may lead to unauthorized access or manipulation of user data, compromising confidentiality and integrity.

Specifically, if exploited, this XSS vulnerability could result in data breaches or unauthorized disclosure of personal information, which are violations under GDPR and HIPAA regulations.

Therefore, failure to patch or mitigate this vulnerability could expose organizations to regulatory penalties and legal liabilities.

Impact Analysis

If exploited, this vulnerability can allow attackers to execute malicious scripts on your website.

  • Attackers may redirect visitors to malicious sites.
  • They can display unwanted or harmful content to users.
  • It requires a privileged user to interact with a crafted element, so the risk involves trusted users being targeted.

Overall, this can lead to compromised user trust, potential data exposure, and disruption of normal website operations.

Detection Guidance

This vulnerability involves Cross Site Scripting (XSS) in the MasterStudy LMS plugin versions 3.7.27 and below. Detection typically requires checking the plugin version installed on your WordPress site.

You can detect if your system is vulnerable by verifying the plugin version. For example, you can use WP-CLI commands to check the installed version:

  • wp plugin list --status=active | grep masterstudy-lms

If the version is 3.7.27 or below, your system is vulnerable. Additionally, monitoring for suspicious input or script injection attempts in user-submitted forms or URLs that privileged users interact with may help detect exploitation attempts.

Mitigation Strategies

The immediate and recommended mitigation is to update the MasterStudy LMS plugin to version 3.7.28 or later, where the vulnerability has been patched.

If updating immediately is not possible, apply any mitigations provided by Patchstack to prevent exploitation.

Additionally, restrict privileged user interactions with untrusted links, pages, or forms to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart