136 matches found
Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
The Masteriyo LMS ā eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...
PT-2026-45904
Patch Priority: Sitefinity Credential Exposure with likely internet exposure CVSS 9.8-10.0 Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki Internet-facing risks dominate, led by Sitefinity and multiple pre-auth remote code execution and privilege escalation...
CVE-2025-53209
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209
Masteriyo LMS PRO (WordPress)
CVE-2025-53209
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
EUVD-2025-210035
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
PT-2026-45718
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...
Exploit for CVE-2026-4484
CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...
WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability
WordPress Masteriyo - LMS plugin = 2.1.5 - Payment Bypass vulnerability discovered by davidfdzmorilla in WordPress Plugin Masteriyo - LMS versions = 2.1.5...
WordPress Masteriyo LMS plugin <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability
Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Masteriyo - LMS versions = 2.1.7...
CVE-2026-5167
The Masteriyo LMS ā Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...
CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint
The Masteriyo LMS ā Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...
CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint
The Masteriyo LMS ā Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...
CVE-2026-5167
CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (
PT-2026-31102
Name of the Vulnerable Software and Affected Versions Masteriyo LMS ā Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...
WordPress plugin Masteriyo LMS ā Online Course Builder for eLearning, LMS & Education å®å Øę¼ę“
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress Masteriyo LMS plugin <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator vulnerability
Missing Authorization to Authenticated Student+ Privilege Escalation to Administrator vulnerability discovered by Hunter Jensen skid in WordPress Plugin Masteriyo - LMS versions = 2.1.6...