PT-2026-52208 · WordPress · Masteriyo - Lms

Published

2026-06-25

Updated

2026-06-25

CVE-2026-10824

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Masteriyo LMS WordPress plugin versions prior to 2.2.1

Description An authorization bypass exists in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete course-progress records belonging to any user.

Recommendations Update Masteriyo LMS WordPress plugin to version 2.2.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-10824

Affected Products

Masteriyo - Lms

PT-2026-52208 · WordPress · Masteriyo - Lms

CVE-2026-10824

Related Identifiers

Affected Products

References · 3