CVE-2025-4800
📋 TL;DR
The MasterStudy LMS Pro WordPress plugin allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to and including 4.7.0 are vulnerable.
💻 Affected Systems
- MasterStudy LMS Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers achieve remote code execution, gain full control of the WordPress server, and potentially compromise the entire hosting environment.
Likely Case
Attackers upload web shells or malicious scripts to execute arbitrary commands, deface websites, steal data, or install backdoors.
If Mitigated
With proper file upload restrictions and web application firewalls, attackers may only upload harmless files or be blocked entirely.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. File upload vulnerabilities are commonly weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 4.7.1 or later
Vendor Advisory: https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find MasterStudy LMS Pro. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from vendor and manually update.
🔧 Temporary Workarounds
Disable plugin temporarily
allDeactivate the vulnerable plugin until patched
wp plugin deactivate masterstudy-lms-learning-management-system-pro
Restrict file uploads via .htaccess
linuxBlock execution of uploaded files in wp-content/uploads directory
Add to .htaccess in wp-content/uploads: <FilesMatch "\.(php|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove Subscriber and higher role permissions for all untrusted users
- Implement web application firewall rules to block suspicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → MasterStudy LMS Pro version. If version is 4.7.0 or lower, system is vulnerable.Check Version:
wp plugin get masterstudy-lms-learning-management-system-pro --field=versionVerify Fix Applied:
Confirm plugin version is 4.7.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/ via POST requests
- Files with double extensions (.php.jpg, .phtml.gif)
- Large number of upload attempts from single user
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=stm_lms_add_assignment_attachment
- Uploads of executable file types to WordPress endpoints
SIEM Query:
source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND (form_data CONTAINS ".php" OR form_data CONTAINS ".phtml" OR form_data CONTAINS ".jsp")🔗 References
- https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version
- https://stylemixthemes.com/wordpress-lms-plugin/
- https://themeforest.net/item/masterstudy-education-center-wordpress-theme/12170274/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve
