Lucene search
K

79 matches found

EUVD
EUVD
added 6 days ago9 views

EUVD-2026-39953

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-11773

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 6:0 a.m.14 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.30 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39524

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.26 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.28 views

CVE-2026-39524 WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.9 views

CVE-2026-39524

CVE-2026-39524 affects the WordPress Masteriyo LMS plugin &lt;= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass vulnerability without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:52 p.m.20 views

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

8.8CVSS5.3AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49396

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-45904

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hci adv bcast annoucement prepends the Broadcast Announcement...

6AI score0.00138EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:43 a.m.11 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 9:43 a.m.11 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 9:43 a.m.24 views

CVE-2025-53209

Masteriyo LMS PRO (WordPress)

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:43 a.m.42 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

WordPress plugin Masteriyo LMS PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:43 a.m.25 views

CVE-2026-5167

CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (

5.3CVSS6AI score0.00375EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.58 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS0.00375EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.3 views

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS6AI score0.00375EPSS
Exploits0References6
Rows per page
Query Builder