What the vulnerability does
01Description
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.
CVE-2024-37094
HIGH
CVE-2024-37094: WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability
CVSS base score
8.2/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Key dates
02Disclosure timeline
November 1, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-7621 Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2025-31376 WordPress NanoSupport plugin <= 0.6.0 - Broken Access Control vulnerability
CVE-2024-8369 EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure
CVE-2025-69359 WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability
CVE-2025-31576 WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability
