Lucene search
+L

167 matches found

Patchstack
Patchstack
added 2026/05/28 7:55 a.m.9 views

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...

6.5CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/04/18 9:5 a.m.121 views

Exploit for CVE-2026-4484

CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...

9.8CVSS5.9AI score0.00353EPSS
Exploits1
Patchstack
Patchstack
added 2026/04/08 12:54 p.m.9 views

WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

WordPress Masteriyo - LMS plugin = 2.1.5 - Payment Bypass vulnerability discovered by davidfdzmorilla in WordPress Plugin Masteriyo - LMS versions = 2.1.5...

5.8AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/08 7:53 a.m.9 views

WordPress Masteriyo LMS plugin <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability

Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Masteriyo - LMS versions = 2.1.7...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 7:16 a.m.15 views

CVE-2026-5167

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS0.00375EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.3 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS6AI score0.00375EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.64 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS0.00375EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 6:43 a.m.28 views

CVE-2026-5167

CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (

5.3CVSS6AI score0.00375EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.21 views

PT-2026-31102

Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/03/30 8:23 a.m.7 views

WordPress Masteriyo LMS plugin <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator vulnerability

Missing Authorization to Authenticated Student+ Privilege Escalation to Administrator vulnerability discovered by Hunter Jensen skid in WordPress Plugin Masteriyo - LMS versions = 2.1.6...

9.8CVSS5.9AI score0.00353EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.9 views

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 3:30 a.m.7 views

EUVD-2026-16074

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References4
NVD
NVD
added 2026/03/26 2:16 a.m.5 views

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

8.8CVSS0.00353EPSS
Exploits1References3
CVE
CVE
added 2026/03/26 1:25 a.m.23 views

CVE-2026-4484

CVE-2026-4484 affects the Masteriyo LMS WordPress plugin up to version 2.1.6. The root cause is a vulnerability in the InstructorsController::prepare_object_for_database function that allows an authenticated user to update a user’s role, enabling privilege escalation from Student-level (and above...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/26 1:25 a.m.2 views

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 1:25 a.m.32 views

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

8.8CVSS0.00353EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:25 a.m.8 views

CVE-2026-4484

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.13 views

WordPress plugin Masteriyo LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.16 views

PT-2026-28184

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare object for database' function. This makes it possible for...

9.8CVSS5.8AI score0.00353EPSS
Exploits1References4
Rows per page
Query Builder