{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4800", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T19:46:25.446Z", "datePublished": "2025-05-28T05:24:21.802Z", "dateUpdated": "2026-04-08T17:19:53.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:53.840Z"}, "affected": [{"vendor": "StylemixThemes", "product": "MasterStudy LMS Pro", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.7.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible."}], "title": "MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve"}, {"url": "https://stylemixthemes.com/wordpress-lms-plugin/"}, {"url": "https://themeforest.net/item/masterstudy-education-center-wordpress-theme/12170274/"}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-05-15T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-05-27T16:26:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T13:31:45.134606Z", "id": "CVE-2025-4800", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:31:51.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-28T13:31:45.134606Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:31:48.333Z"}}], "cna": {"title": "MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "StylemixThemes", "product": "MasterStudy LMS Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.7.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-05-27T16:26:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve"}, {"url": "https://stylemixthemes.com/wordpress-lms-plugin/"}, {"url": "https://themeforest.net/item/masterstudy-education-center-wordpress-theme/12170274/"}, {"url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version"}], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:53.840Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4800", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:19:53.840Z", "dateReserved": "2025-05-15T19:46:25.446Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-28T05:24:21.802Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible."}, {"lang": "es", "value": "El complemento MasterStudy LMS Pro para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n stm_lms_add_assignment_attachment en todas las versiones hasta la 4.7.0 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-4800", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-28T06:15:22.000", "references": [{"source": "security@wordfence.com", "url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version"}, {"source": "security@wordfence.com", "url": "https://stylemixthemes.com/wordpress-lms-plugin/"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/masterstudy-education-center-wordpress-theme/12170274/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:45:06.215346+00:00", "value": {"mitigation_remediation": ["Apply the latest MasterStudy LMS Pro update (4.7.1 or newer) to remove the file type validation flaw.", "Restrict file upload capabilities to trusted administrative roles only, and enforce tight file type checks or use a plugin\u2011based upload whitelist.", "Review and routinely audit user roles and permissions in the WordPress site to ensure that only authorized personnel have Subscriber or higher access to assignment uploads."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of StylemixThemes MasterStudy LMS Pro up to and including version 4.7.0 are affected. Users running WordPress with this plugin and having any role of Subscriber or higher are vulnerable; the security impact is limited to sites that have the plugin installed and have not applied the patch for 4.7.0 or later.", "description_and_impact": "The MasterStudy LMS Pro plugin for WordPress contains a missing file type validation in the assignment attachment upload handler, enabling authenticated users with Subscriber-level access or higher to upload arbitrary files to the site\u2019s server. This flaw allows an attacker to place executable code such as PHP, which could lead to full remote code execution on the underlying web server. The vulnerability is a classic instance of unchecked input leading to arbitrary file upload (CWE\u2011434).", "risk_and_exploitability": "With a CVSS score of 8.8, the vulnerability is considered high severity. The EPSS score of 2% indicates moderate likelihood of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. Attackers need authenticated access, which can be obtained via legitimate credentials, phishing, or compromised accounts. Given the potential for remote code execution and the lack of mitigation in the affected plugin, the risk to affected environments is substantial."}}}}, "created": "2026-04-20T22:45:20.548816+00:00", "updated": "2026-04-20T22:45:20.548826+00:00", "vendors": []}