CVE-2025-4800 – WordPress MasterStudy LMS Pro Arbitrary File Upload Vulnerability

May 28, 2025

CVE ID : CVE-2025-4800

Published : May 28, 2025, 6:15 a.m. | 3 hours, 10 minutes ago

Description : The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server, which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5025 – libcurl wolfSSL QUIC Certificate Pinning Bypass

Next Article Rilasciata AlmaLinux 10 “Purple Lion”: tutte le novità della nuova versione compatibile con RHEL 10

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

I ran with Samsung’s Galaxy Watch 8 Classic, and it both humbled and motivated me

You can finally move Chrome’s address bar on Android – here’s how

Is your Ring camera showing strange logins? Here’s what’s going on

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

Ubuntu 25.10 Shrinks its Raspberry Pi Install Footprint

Microsoft kills Movies & TV storefront on Windows and Xbox — here’s what will happen to your purchased media

CVE-2025-4800 – WordPress MasterStudy LMS Pro Arbitrary File Upload Vulnerability

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Ivanti Bugs Exploited Even After Three Months of Patch Availability

Supercharging vector search performance and relevance with pgvector 0.8.0 on Amazon Aurora PostgreSQL

Duizenden NetScaler-servers kwetsbaar voor CitrixBleed2, details snel openbaar

Easily convert, compress, and merge your files with Convert Eaze

CVE-2025-6409 – PHPGurukul Art Gallery Management System SQL Injection

CVE-2025-4718 – Campcodes Sales and Inventory System SQL Injection

Lies of P’s new ‘Overture’ DLC is a love letter to the game’s community, and the soulslike genre at large

GitHub Copilot adds agent mode, MCP support in latest release

One of Linux’s big hitters declares your Windows 10 PC “is toast,” and one angle needs talking about MUCH more

CVE-2025-4800 – WordPress MasterStudy LMS Pro Arbitrary File Upload Vulnerability

Related Posts