VYPR
Vendor: Themegrill

Products: 5
CVEs: 18
Across products: 18
Status: Private

Recent CVEs (18)

  • CVE-2024-24882 | Critical | May 17, 2024
    risk 0.68 | cvss 9.8 | epss 0.02

    Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.

  • CVE-2026-4484 | High | Mar 26, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it…

  • CVE-2024-43158 | High | Nov 1, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

  • CVE-2024-0679 | Medium | Jan 20, 2024
    risk 0.43 | cvss 6.5 | epss 0.01

    The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and…

  • CVE-2025-64270 | Medium | Dec 18, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects Masteriyo - LMS: from n/a through <= 2.0.3.

  • CVE-2025-54699 | Medium | Aug 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through <= 1.18.3.

  • CVE-2024-34571 | Medium | May 8, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.0.

  • CVE-2024-37432 | Medium | Jul 22, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0.

  • CVE-2024-33939 | Medium | May 19, 2025
    risk 0.35 | cvss 5.3 | epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.

  • CVE-2024-43159 | Medium | Nov 1, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.11.6.

  • CVE-2024-1462 | Medium | Mar 13, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.

  • CVE-2024-1370 | Medium | Mar 13, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers,…

  • CVE-2025-9202 | Medium | Aug 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with…

  • CVE-2024-43239 | Medium | Aug 18, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

  • CVE-2026-5167 | Medium | Apr 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the…

  • CVE-2024-10008 | Oct 29, 2024
    risk 0.01 | cvss | epss 0.01

    The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including,…

  • CVE-2024-10000 | Oct 29, 2024
    risk 0.00 | cvss | epss 0.00

    The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping.…

  • CVE-2024-39629 | Aug 1, 2024
    risk 0.00 | cvss | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.2.