Wp Secure Stack

Severity: High

Sort by:

Recently Updated

All Articles

Vulnerabilities and Threat Intelligence

April 21, 2026

Masteriyo LMS <= 2.1.6 – Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ‘InstructorsController::prepare_object_for_database’ function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that…

WP Secure Stack Team

April 21, 2026

Global WP Threat Level

Elevated ⚠️

WooCommerce Payments CVE active. Patch immediately if installed.

Search

Popular Posts

How to Disable XML-RPC in WordPress in 2026

April 10, 2026
How to Restrict Unauthorized WordPress Admin Access Using IP Allowlisting

April 4, 2026
Hello world!

April 4, 2026
The WordPress Security Toolkit: 30 Free Tools Every Site Owner Should Use

April 4, 2026
How to Detect and Fix Vulnerable Plugins in WordPress

April 4, 2026

Weekly threat alerts

New CVEs and hardening tips every Tuesday. Free.

Subscribe Free →

All Categories

📥 Free Download

Security Checklist PDF

50-point hardening checklist. Free PDF, no signup needed.

Download Free →