WordPress Masteriyo LMS plugin <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator vulnerability

Missing Authorization to Authenticated Student+ Privilege Escalation to Administrator vulnerability discovered by Hunter Jensen skid in WordPress Plugin Masteriyo - LMS versions = 2.1.6...

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

PT-2026-28184

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare object for database' function. This makes it possible for...

CVE-2025-64270

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

EUVD-2025-24695

Malicious code in bioql PyPI...

CVE-2025-54699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through = 1.18.3...

CVE-2025-54699 WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3...

PT-2025-33251 · Unknown · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions through 1.18.3 Description: The software contains a Stored Cross-Site Scripting XSS flaw due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web...

WordPress plugin Masteriyo - LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin Masteriyo - LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-30350 · Unknown · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.6 and earlier Description: The issue affects Masteriyo - LMS, allowing access to functionality not properly constrained by ACLs due to a Missing Authorization vulnerability. Recommendations: For Masteriyo - LMS...

CVE-2024-24882

Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2...

WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Masteriyo - LMS versions = 1.7.2...

VulnCheck KEV: CVE-2024-24882

Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2...