CVE Catalog
CVE-2026-57640
MediumCVSS 4.3Summary
The MasterStudy LMS plugin versions up to 3.7.30 contain a vulnerability related to broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for administrators.
Risk Assessment
The risk involves privilege escalation by a subscriber, which may lead to unauthorized changes in plugin settings or access to sensitive data.
Recommendation
It is recommended to immediately update the MasterStudy LMS plugin to the latest version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

