CVE Catalog

CVE-2026-57330

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

A Cross Site Scripting (XSS) vulnerability in MasterStudy LMS plugin version 3.7.27 and earlier allows an attacker with subscriber role to inject malicious script. This can lead to session theft or redirection to a malicious site.

Risk Assessment

The risk for the organization is the potential hijacking of administrator or other user accounts by executing scripts in their browsers. This may result in data leakage or system integrity compromise.

Recommendation

Immediately update the MasterStudy LMS plugin to version 3.7.28 or later. Also restrict subscriber permissions to the minimum necessary.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS