CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•12 views

CVE-2025-53209

Masteriyo LMS PRO (WordPress)

9.8CVSS5.8AI score0.00024EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00024EPSS

Exploits0References2

Vulnrichment•added 2 days ago•5 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00024EPSS

Vulnrichment•added 2026/04/08 6:43 a.m.•2 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS6AI score0.00027EPSS

Cvelist•added 2026/04/08 6:43 a.m.•16 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

5.3CVSS0.00027EPSS

CVE•added 2026/04/08 6:43 a.m.•7 views

CVE-2026-5167

CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (

5.3CVSS6AI score0.00027EPSS

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.3CVSS5.8AI score0.00027EPSS

RedhatCVE•added 2026/03/27 4:59 a.m.•3 views

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

CVE•added 2026/03/26 1:25 a.m.•11 views

Exploits1References1

CVE-2026-4484

CVE-2026-4484 affects the Masteriyo LMS WordPress plugin up to version 2.1.6. The root cause is a vulnerability in the InstructorsController::prepare_object_for_database function that allows an authenticated user to update a user’s role, enabling privilege escalation from Student-level (and above...

Vulnrichment•added 2026/03/26 1:25 a.m.•1 views

Exploits1References3

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

CNNVD•added 2026/03/26 12:0 a.m.•2 views

Exploits1References3

WordPress plugin Masteriyo LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

RedhatCVE•added 2025/12/19 7:32 a.m.•2 views

Exploits1References3

CVE-2025-64270

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

6.5CVSS6.9AI score0.00041EPSS