GHSA-xp2v-x6vp-vp42MediumCVSS 6.5

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a...

Published
June 25, 2026
Last Modified
June 25, 2026

🔗 CVE IDs covered (1)

📋 Description

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records.

🔗 References (3)