CVE-2026-57640
Deferred Deferred - Pending Action

Subscriber Broken Access Control in MasterStudy LMS

Vulnerability report for CVE-2026-57640, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack masterstudy_lms to 3.7.30 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the WordPress MasterStudy LMS Plugin versions 3.7.30 and earlier is a Broken Access Control issue. It allows unprivileged users to perform actions that normally require higher privileges because of missing authorization checks.

This means that users without proper permissions can access or manipulate parts of the system they should not be able to, potentially compromising the integrity of the application.

Impact Analysis

This vulnerability can allow attackers or unprivileged users to perform unauthorized actions within the MasterStudy LMS plugin, which could lead to unauthorized changes or access to sensitive features.

Although the severity is considered low (CVSS score 4.3), attackers may exploit this vulnerability in mass campaigns targeting many websites using the affected plugin versions.

Users of the plugin are advised to update immediately to version 3.7.31 or later to mitigate this risk.

Compliance Impact

The vulnerability is a Broken Access Control issue allowing unprivileged users to perform actions requiring higher privileges due to missing authorization checks.

Such access control weaknesses can potentially lead to unauthorized actions or data manipulation, which may impact compliance with standards like GDPR or HIPAA that require strict access controls and protection of sensitive data.

However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with these regulations.

Mitigation Strategies

To mitigate the Broken Access Control vulnerability in MasterStudy LMS versions 3.7.30 and earlier, users should immediately update the plugin to version 3.7.31 or later.

If you are using Patchstack, you can enable auto-updates for vulnerable plugins to ensure timely patching.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart