
Masteriyo LMS <= 2.1.6 – Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator


The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ‘InstructorsController::prepare_object_for_database’ function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator.
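The class of fix for this kind of bug is to treat a role change as a separately authorized action when request data is prepared for the database. The sketch below is an added example, not Masteriyo's code or its actual patch. The function name `resolve_role`, the role slugs and the sample requests are hypothetical, and the capability list stands in for WordPress's `current_user_can( 'promote_users' )`.

```php
<?php
// Added illustration; not the plugin's code. Names and role slugs are hypothetical.

// Roles this endpoint may ever assign. 'administrator' is deliberately absent.
const ASSIGNABLE_ROLES = ['student', 'instructor'];

/**
 * Decide which role to persist for a user-update request.
 *
 * @param array  $params      Decoded request body (caller-controlled).
 * @param array  $actor_caps  Capabilities of the authenticated caller.
 * @param string $stored_role Role the target user currently has.
 * @return string Role to write to the database.
 * @throws DomainException When the caller requests a role change it may not make.
 */
function resolve_role(array $params, array $actor_caps, string $stored_role): string
{
    // No role in the request: keep whatever is stored.
    if (!array_key_exists('role', $params)) {
        return $stored_role;
    }
    $requested = is_string($params['role']) ? strtolower(trim($params['role'])) : '';
    if ($requested === $stored_role) {
        return $stored_role;
    }
    // Changing a role is a privileged action, separate from editing a profile.
    if (!in_array('promote_users', $actor_caps, true)) {
        throw new DomainException('forbidden: caller may not change roles');
    }
    // Even privileged callers are held to this endpoint's allow-list.
    if (!in_array($requested, ASSIGNABLE_ROLES, true)) {
        throw new DomainException('forbidden: role not assignable here');
    }
    return $requested;
}

// Constructed sample requests: [request body, caller capabilities, stored role].
$cases = [
    'student edits own name'       => [['first_name' => 'A'], ['read'], 'student'],
    'student asks for admin'       => [['role' => 'administrator'], ['read'], 'student'],
    'admin promotes to instructor' => [['role' => 'instructor'], ['promote_users'], 'student'],
    'admin asks for admin here'    => [['role' => 'administrator'], ['promote_users'], 'student'],
];
foreach ($cases as $label => [$params, $caps, $stored]) {
    try {
        echo $label, ' => ', resolve_role($params, $caps, $stored), PHP_EOL;
    } catch (DomainException $e) {
        echo $label, ' => ', $e->getMessage(), PHP_EOL;
    }
}
```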
