CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

EUVD-2024-32854

Malicious code in bioql PyPI...

CVE-2025-54699 WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through = 1.18.3...

CVE-2024-10008

CVE-2024-10008 – Masteriyo LMS (WordPress) : Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...

CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...

VulnCheck KEV: CVE-2024-33939

The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...