VYPR

Masteriyo

by Themegrill

CVEs (11)

  • CVE-2024-24882CriMay 17, 2024
    risk 0.68cvss 9.8epss 0.02

    Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.

  • CVE-2026-4484HigMar 26, 2026
    risk 0.50cvss 8.8epss 0.00

    The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it…

  • CVE-2024-43158HigNov 1, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

  • CVE-2025-64270MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through <= 2.0.3.

  • CVE-2025-54699MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through <= 1.18.3.

  • CVE-2024-33939MedMay 19, 2025
    risk 0.35cvss 5.3epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.

  • CVE-2024-43159MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.6.

  • CVE-2024-43239MedAug 18, 2024
    risk 0.28cvss 4.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

  • CVE-2026-5167MedApr 8, 2026
    risk 0.27cvss 5.3epss 0.00

    The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the…

  • CVE-2024-10008Oct 29, 2024
    risk 0.01cvss epss 0.01

    The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including,…

  • CVE-2024-10000Oct 29, 2024
    risk 0.00cvss epss 0.00

    The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping.…