PT-2026-28184 · WordPress · Masteriyo Lms Plugin
Hunter Jensen · Published 2026-03-26 · Updated 2026-03-26
CVE-2026-4484
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Masteriyo LMS plugin for WordPress versions prior to 2.1.7
Description
The Masteriyo LMS plugin for WordPress is susceptible to a privilege escalation issue. An authenticated attacker with Student-level access or higher can elevate their privileges to those of an administrator. This is possible because the plugin allows a user to update their user role through the InstructorsController::prepare_object_for_database function. The vulnerable API endpoint is not explicitly mentioned. The vulnerable parameter is not explicitly mentioned.
Recommendations
Update the Masteriyo LMS plugin to version 2.1.7 or later.
Fix
LPE
Missing Authorization
Weakness Enumeration
Related identifiers
Affected products
Masteriyo Lms Plugin