masteriyo — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting masteriyo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Masteriyo is a WordPress LMS plugin enabling online course creation and management. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls. The plugin has accumulated 11 CVEs to date, with several critical vulnerabilities allowing unauthenticated attackers to execute arbitrary code or compromise user accounts. Security researchers have identified consistent patterns in its vulnerability profile, particularly in areas handling user-generated content and authentication mechanisms. No major public security incidents have been widely reported, though the high number of CVEs indicates a history of security challenges requiring ongoing vigilance.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-5167 | Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint — Masteriyo LMS – Online Course Builder for eLearning, LMS & Education (CWE-639) | 5.3 | Medium | 2026-04-08 |
| CVE-2026-4484 | Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator — Masteriyo LMS – Online Course Builder for eLearning, LMS & Education (CWE-862) | 8.8 | High | 2026-03-26 |
| CVE-2025-64270 | WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability — Masteriyo - LMS (CWE-497) | 6.5 | Medium | 2025-12-18 |
| CVE-2025-54699 | WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability — Masteriyo - LMS (CWE-79) | 6.5 | Medium | 2025-08-14 |
| CVE-2024-33939 | WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability — Masteriyo - LMS (CWE-288) | 5.3 | Medium | 2025-05-19 |
| CVE-2024-43158 | WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability — Masteriyo - LMS (CWE-862) | 7.5 | High | 2024-11-01 |
| CVE-2024-43159 | WordPress Masteriyo LMS plugin <= 1.11.6 - Broken Access Control vulnerability — Masteriyo - LMS (CWE-862) | 5.3 | Medium | 2024-11-01 |
| CVE-2024-10000 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality — Masteriyo LMS – Online Course Builder for eLearning, LMS & Education (CWE-79) | 6.4 | Medium | 2024-10-29 |
| CVE-2024-10008 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation — Masteriyo LMS – Online Course Builder for eLearning, LMS & Education (CWE-862) | 8.8 | High | 2024-10-29 |
| CVE-2024-43239 | WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability — Masteriyo - LMS (CWE-639) | 4.3 | Medium | 2024-08-18 |
| CVE-2024-24882 | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability — Masteriyo - LMS (CWE-266) | 9.8 | Critical | 2024-05-17 |

This page lists every published CVE security advisory associated with masteriyo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.