Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

75 matches found

NVD
NVDadded 2026/06/15 9:16 p.m.7 views

CVE-2026-39524

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 8:18 p.m.26 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 8:18 p.m.27 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 8:18 p.m.8 views

CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin &lt;= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References1
NVD
NVDadded 2026/06/15 2:16 p.m.10 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 12:52 p.m.17 views

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

8.8CVSS5.3AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/15 12:0 a.m.8 views

PT-2026-49396

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/03 12:0 a.m.12 views

PT-2026-45904

Patch Priority: Sitefinity Credential Exposure with likely internet exposure CVSS 9.8-10.0 Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki Internet-facing risks dominate, led by Sitefinity and multiple pre-auth remote code execution and privilege escalation...

10CVSS6.5AI score0.0126EPSS
Exploits4References1
ATTACKERKB
ATTACKERKBadded 2026/06/02 9:43 a.m.11 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/02 9:43 a.m.42 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/02 9:43 a.m.11 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 9:43 a.m.21 views

CVE-2025-53209

Masteriyo LMS PRO (WordPress)

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/06/02 12:0 a.m.5 views

WordPress plugin Masteriyo LMS PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/08 6:43 a.m.2 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS6AI score0.00375EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/04/08 6:43 a.m.55 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS0.00375EPSS
Exploits0References6
CVE
CVEadded 2026/04/08 6:43 a.m.21 views

CVE-2026-5167

CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (

5.3CVSS6AI score0.00375EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/04/08 12:0 a.m.5 views

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/03/27 4:59 a.m.5 views

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/26 1:25 a.m.2 views

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
CVE
CVEadded 2026/03/26 1:25 a.m.15 views

CVE-2026-4484

CVE-2026-4484 affects the Masteriyo LMS WordPress plugin up to version 2.1.6. The root cause is a vulnerability in the InstructorsController::prepare_object_for_database function that allows an authenticated user to update a user’s role, enabling privilege escalation from Student-level (and above...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
Rows per page
Query Builder