PatchSiren cyber security CVE debrief
CVE-2025-64215 StylemixThemes CVE debrief
A Missing Authorization vulnerability was discovered in StylemixThemes MasterStudy LMS Pro, affecting versions from n/a before 4.7.16. This vulnerability allows attackers to access functionality not properly constrained by Access Control Lists (ACLs). The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.5, indicating a Medium severity level.
- Vendor
- StylemixThemes
- Product
- MasterStudy LMS Pro
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of MasterStudy LMS Pro plugin for WordPress, particularly those with versions prior to 4.7.16, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a missing authorization check in the MasterStudy LMS Pro plugin. This allows unauthorized access to certain functionality, potentially leading to unintended actions or data exposure.
Defensive priority
MEDIUM
Recommended defensive actions
- Update MasterStudy LMS Pro to version 4.7.16 or later.
- Review and restrict access to sensitive functionality within the plugin.
- Monitor plugin usage and logs for suspicious activity.
Evidence notes
The vulnerability was reported by [email protected] and is referenced in the NVD database.
Official resources
-
CVE-2025-64215 CVE record
CVE.org
-
CVE-2025-64215 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2025-64215 was published on 2026-06-15T14:16:32.753Z and has not been modified since then.