{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4484", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-20T07:04:46.566Z", "datePublished": "2026-03-26T01:25:33.967Z", "dateUpdated": "2026-04-08T16:42:43.176Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:43.176Z"}, "affected": [{"vendor": "masteriyo", "product": "Masteriyo LMS \u2013 Online Course Builder for eLearning, LMS & Education", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator."}], "title": "Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.6/includes/RestApi/Controllers/Version1/InstructorsController.php#L305"}, {"url": "https://plugins.trac.wordpress.org/changeset/3490792/learning-management-system/trunk/includes/RestApi/Controllers/Version1/InstructorsController.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Hunter Jensen"}], "timeline": [{"time": "2026-03-20T15:14:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-25T12:44:04.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T17:36:49.719811Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:51:16.520Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T17:36:49.719811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:48:54.148Z"}}], "cna": {"title": "Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator", "credits": [{"lang": "en", "type": "finder", "value": "Hunter Jensen"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "masteriyo", "product": "Masteriyo LMS \u2013 Online Course Builder for eLearning, LMS & Education", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T15:14:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-25T12:44:04.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.6/includes/RestApi/Controllers/Version1/InstructorsController.php#L305"}, {"url": "https://plugins.trac.wordpress.org/changeset/3490792/learning-management-system/trunk/includes/RestApi/Controllers/Version1/InstructorsController.php"}], "descriptions": [{"lang": "en", "value": "The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-26T01:25:33.967Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4484", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:51:16.520Z", "dateReserved": "2026-03-20T07:04:46.566Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-26T01:25:33.967Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El plugin Masteriyo LMS para WordPress es vulnerable a una escalada de privilegios en todas las versiones hasta la 2.1.6, inclusive. Esto se debe a que el plugin permite a un usuario actualizar el rol de usuario a trav\u00e9s de la funci\u00f3n 'InstructorsController::prepare_object_for_database'. Esto hace posible que atacantes autenticados, con acceso de nivel de Estudiante o superior, eleven sus privilegios a los de un administrador."}], "id": "CVE-2026-4484", "lastModified": "2026-04-24T16:35:20.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-03-26T02:16:07.913", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.6/includes/RestApi/Controllers/Version1/InstructorsController.php#L305"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3490792/learning-management-system/trunk/includes/RestApi/Controllers/Version1/InstructorsController.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Masteriyo LMS \u2013 Online Course Builder for eLearning, LMS & Education", "source": "cna", "vendor": "masteriyo"}, "product": "masteriyo_lms_\u2013_online_course_builder_for_elearning,_lms_&_education", "vendor": "masteriyo"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T18:55:50.387688+00:00", "value": {"mitigation_remediation": ["Update Masteriyo LMS to the latest version that removes the missing authorization check. This is the only officially recommended fix.", "If an immediate upgrade is not possible, revoke or reduce any user privileges that are not strictly necessary, especially for instructors and other high\u2011risk roles.", "Monitor audit logs for unexpected role\u2011change activity and enforce strict role\u2011based access controls."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "The Masteriyo LMS plugin for WordPress is affected in all releases up to and including version\u00a02.1.6. The vulnerability applies to the plugin\u2019s REST API endpoints responsible for instructor and role management. Site owners using Masteriyo LMS before the official fix should review which users have elevated privileges and audit role assignments.", "description_and_impact": "The vulnerability arises from missing authorization checks in the plugin\u2019s API controller, allowing any authenticated user with Student or higher permissions to change user roles. An attacker who is logged in can promote themselves or other users to the Administrator role, giving full control over the site and access to all data and configuration. This type of flaw is a classic missing authorization weakness (CWE\u2011862) and can lead to complete compromise of the WordPress installation.", "risk_and_exploitability": "The CVSS rating of 8.8 indicates a high severity, and the EPSS score of less than 1\u202f% suggests that the probability of current exploitation is low, though the risk remains significant if a breach is achieved. The flaw is listed as a privilege escalation that requires authenticated access; an attacker would need valid credentials with at least Student rights to exploit it. Because the issue is not in the CISA KEV catalog, there are no confirmed public exploits known at this time."}}}}, "created": "2026-03-26T11:30:50.331988+00:00", "updated": "2026-04-08T20:01:15.035919+00:00", "vendors": ["masteriyo", "masteriyo$PRODUCT$masteriyo_lms_\u2013_online_course_builder_for_elearning,_lms_&_education", "wordpress", "wordpress$PRODUCT$wordpress"]}