CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin <= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

WordPress Masteriyo - LMS plugin = 2.2.0 - Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Masteriyo - LMS versions = 2.2.0...

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...

WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

WordPress Masteriyo - LMS plugin = 2.1.5 - Payment Bypass vulnerability discovered by davidfdzmorilla in WordPress Plugin Masteriyo - LMS versions = 2.1.5...

CVE-2025-64270 WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

CVE-2025-64270 WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

CVE-2025-54699 WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through = 1.18.3...

WordPress Masteriyo - LMS Plugin <= 1.13.3 is vulnerable to Cross Site Scripting (XSS)

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.13.3 Fixed in 1.13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10000 Patch priority Low CVSS severity Low 6.5 Developer Masteriyo PSID 896bb27d11e1 Credits floerer Required privilege...

WordPress Masteriyo - LMS Plugin <= 1.11.6 is vulnerable to Broken Access Control

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.12.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43159 Patch priority Low CVSS severity Low 5.3 Developer Masteriyo PSID 1a387af06f60 Credits Ananda Dhakal Patchstack Required...