CVE-2025-53209

Vulnerability

An Incorrect Privilege Assignment vulnerability exists in the Masteriyo LMS PRO WordPress plugin. This issue affects versions from n/a through 2.20.0, allowing for privilege escalation.

Exploitation

A malicious actor with a low-privileged account can exploit this vulnerability by performing specific actions within the plugin's interface. The exact sequence of steps required to trigger the privilege escalation is not detailed in the available references, but it allows a low-privileged user to gain higher privileges.

Impact

Successful exploitation allows a low-privileged user to escalate their privileges to a higher level, potentially gaining full administrative control over the affected WordPress website. This could lead to unauthorized modifications, data breaches, or complete site compromise.

Mitigation

Update to version 2.20.1 or later to resolve the vulnerability [1]. If an immediate update is not possible, users are advised to seek assistance from their hosting provider or web developer. Patchstack has issued a mitigation rule to block attacks until a patched version is installed [1].