Skip to main content

Masteriyo Lms Lms Course Builder Quizzes Certificates

1 CVEs product

Monthly

CVE-2026-11773 MEDIUM This Month

Authorization bypass in the Masteriyo LMS WordPress plugin (all versions through 2.2.1) allows authenticated users with student-level access to overwrite the post content of course announcements created by instructors or administrators. The flaw is rooted in missing authorization checks (CWE-862) inside the CourseAnnouncementController addon, meaning any enrolled student can tamper with official communications - exam instructions, policy notices, deadlines - without being detected by the LMS. No public exploit code or active exploitation has been identified at time of analysis; CVSS rates this 4.3 (Medium) reflecting limited integrity-only impact with no confidentiality or availability consequence.

Authentication Bypass WordPress Masteriyo Lms Lms Course Builder Quizzes Certificates
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization bypass in the Masteriyo LMS WordPress plugin (all versions through 2.2.1) allows authenticated users with student-level access to overwrite the post content of course announcements created by instructors or administrators. The flaw is rooted in missing authorization checks (CWE-862) inside the CourseAnnouncementController addon, meaning any enrolled student can tamper with official communications - exam instructions, policy notices, deadlines - without being detected by the LMS. No public exploit code or active exploitation has been identified at time of analysis; CVSS rates this 4.3 (Medium) reflecting limited integrity-only impact with no confidentiality or availability consequence.

Authentication Bypass WordPress Masteriyo Lms Lms Course Builder Quizzes Certificates
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy