WordPress Plugin Vulnerabilities

Masteriyo LMS < 2.1.7 - Subscriber+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator.

Proof of Concept

Affects Plugins

Plugin icon
learning-management-system
Fixed in 2.1.7

References

CVE
CVE-2026-4484
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Hunter Jensen (skid)
Verified
Yes
WPVDB ID
679318f4-759c-4017-b3e1-4d809daa3f6b

Timeline

Publicly Published
2026-03-25 (about 2 months ago)
Added
2026-03-25 (about 2 months ago)
Last Updated
2026-05-25 (about 10 hours ago)

Other

Published
Title
Published
2024-09-30
Title
KB Support < 1.6.7 - Subscriber+ Multiple Administrator Actions
Published
2024-04-05
Title
Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Deletion
Published
2026-02-13
Title
Starfish Review Generation & Marketing for WordPress < 3.1.20 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
Published
2026-04-16
Title
Tutor LMS < 3.9.9 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order
Published
2024-05-15
Title
Tutor LMS < 2.7.1 - Missing Authorization