{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T05:23:32.144","vulnerabilities":[{"cve":{"id":"CVE-2025-13766","sourceIdentifier":"security@wordfence.com","published":"2026-01-06T09:15:53.983","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload or delete arbitrary media files, delete or modify posts, and create/manage course templates"},{"lang":"es","value":"El plugin de WordPress MasterStudy LMS – para cursos en línea y educación, un plugin para WordPress es vulnerable a la modificación y eliminación no autorizadas de datos debido a la falta de comprobaciones de capacidad en múltiples puntos finales de la API REST en todas las versiones hasta la 3.7.6, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, suban o eliminen archivos multimedia arbitrarios, eliminen o modifiquen publicaciones, y creen/gestionen plantillas de cursos."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3422825/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2719739a-90dc-470b-9270-8578e0cead59?source=cve","source":"security@wordfence.com"}]}}]}