CVE Catalog

CVE-2026-57640

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

The MasterStudy LMS plugin versions up to 3.7.30 contain a vulnerability related to broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for administrators.

Risk Assessment

The risk involves privilege escalation by a subscriber, which may lead to unauthorized changes in plugin settings or access to sensitive data.

Recommendation

It is recommended to immediately update the MasterStudy LMS plugin to the latest version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS