CVE Catalog
CVE-2026-57330
MediumCVSS 6.5Summary
A Cross Site Scripting (XSS) vulnerability in MasterStudy LMS plugin version 3.7.27 and earlier allows an attacker with subscriber role to inject malicious script. This can lead to session theft or redirection to a malicious site.
Risk Assessment
The risk for the organization is the potential hijacking of administrator or other user accounts by executing scripts in their browsers. This may result in data leakage or system integrity compromise.
Recommendation
Immediately update the MasterStudy LMS plugin to version 3.7.28 or later. Also restrict subscriber permissions to the minimum necessary.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

