LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course , CVE-2026-4484

CVE, Research URL: CVE-2026-4484
Home page URL: Security reports for LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course
Application: LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course
Published on: Mar 26, 2026
Research Description: The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator.
Affected versions: max 2.1.7.
Status: vulnerable

LMS by Masteriyo &#8211; WordPress Learning Management System, eLearning Platform, Online Education System &amp; Online Course , CVE-2026-4484