The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with student-level access and above, to modify the description (post content) of arbitrary course announcements authored by instructors or administrators.
Metrics
Affected Vendors & Products
References
History
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Masteriyo
Masteriyo masteriyo Lms – Lms Course Builder, Quizzes & Certificates Wordpress Wordpress wordpress |
|
| Vendors & Products |
Masteriyo
Masteriyo masteriyo Lms – Lms Course Builder, Quizzes & Certificates Wordpress Wordpress wordpress |
Mon, 29 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 27 Jun 2026 07:30:00 +0000
Status: PUBLISHED
Assigner: Wordfence
Published: 2026-06-27T06:50:57.531Z
Updated: 2026-06-29T12:20:04.970Z
Reserved: 2026-06-09T11:55:57.904Z
Link: CVE-2026-11773
Updated: 2026-06-29T12:19:48.415Z
No data.
No data.