Skip to main content

Masteriyo

3 CVEs product

Monthly

CVE-2024-10008 MEDIUM This Month

The Masteriyo LMS - eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Masteriyo
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-10000 MEDIUM This Month

The Masteriyo LMS - eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Masteriyo
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3345 MEDIUM POC This Month

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masteriyo
NVD WPScan
CVSS 3.1
6.5
EPSS
1.9%
EPSS 1% CVSS 6.5
MEDIUM This Month

The Masteriyo LMS - eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Masteriyo
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Masteriyo LMS - eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Masteriyo
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masteriyo
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy