CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

EUVD-2026-39186

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

6.5CVSS5.8AI score

Exploits0References2

NVD•added 12 hours ago•6 views

CVE-2026-10824

6.5CVSS

Exploits0References1

Cvelist•added 13 hours ago•8 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

Exploits0References1

CVE•added 13 hours ago•9 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...

6.5CVSS5.8AI score

Exploits0References1

Nuclei•added 13 hours ago•19 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS7.3AI score0.02112EPSS

Exploits0References4

EUVD•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36957

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References2

NVD•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS

Exploits0References1

NVD•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-39524

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS

Exploits0References1

EUVD•added 2026/06/15 8:18 p.m.•8 views

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•14 views

CVE-2026-42743

The CVE concerns WordPress Masteriyo LMS plugin versions ≤ 2.1.8 with an Unauthenticated Broken Authentication vulnerability. Impact is described as low confidentiality and integrity (CVSS v3.1: 6.5, MEDIUM). The issue is in Masteriyo-LMS prior to or at 2.1.8, enabling access without authenticati...

6.5CVSS5.2AI score0.00144EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•26 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 8:18 p.m.•6 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•28 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•8 views

CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin <= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

7.5CVSS5.1AI score0.00246EPSS

Exploits0References1

NVD•added 2026/06/15 2:16 p.m.•10 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS

Exploits0References1

CVE•added 2026/06/15 12:52 p.m.•17 views

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

8.8CVSS5.3AI score0.00238EPSS

Exploits0References1

Cvelist•added 2026/06/15 12:52 p.m.•31 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 12:52 p.m.•5 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS

Exploits0References1

EUVD•added 2026/06/15 12:52 p.m.•8 views

EUVD-2026-36722

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS

Exploits0References1

Positive Technologies•added 2026/06/15 12:0 a.m.•14 views

PT-2026-49230

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by