Description
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation.

This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.
Published: 2026-06-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an incorrect privilege assignment flaw that allows a user to elevate their rights beyond the intended level. It is classified as a high severity flaw with a CVSS score of 9.8 and is identified as CWE-266.

Affected Systems

The flaw affects Themeisle Masteriyo LMS PRO, with all releases up through 2.20.0 vulnerable. Users must check that their instance is not running a version earlier than 2.20.1 which contains the fix.

Risk and Exploitability

The CVSS score indicates a critical impact and the lack of a listed KEV status suggests an absence of known public exploitation, though the EPSS score is not available. The attack vector is not explicitly stated in the description; based on the nature of privilege assignment issues it is inferred that an attacker would need the ability to create or edit content within the LMS or have a user account with limited permissions to misuse the flaw. Exploitation would raise the attacker’s privileges to a level that permits management or full administrative functions within the LMS.

Generated by OpenCVE AI on June 2, 2026 at 11:20 UTC.

Remediation

Vendor Solution

Update the WordPress Masteriyo LMS PRO plugin to the latest available version (at least 2.20.1).

OpenCVE Recommended Actions

  • Update the Masteriyo LMS PRO plugin to version 2.20.1 or later.
  • Immediately adjust user role capabilities to limit any privileged actions that could be abused until the update can be applied.
  • Continuously monitor administrative logs for unexpected privilege changes to detect any attempted exploitation.

Generated by OpenCVE AI on June 2, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Themeisle
Themeisle masteriyo Lms Pro
Wordpress
Wordpress wordpress
Vendors & Products Themeisle
Themeisle masteriyo Lms Pro
Wordpress
Wordpress wordpress

Tue, 02 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.
Title WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Themeisle Masteriyo Lms Pro
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-02T10:43:09.589Z

Reserved: 2025-06-27T10:27:45.005Z

Link: CVE-2025-53209

cve-icon Vulnrichment

Updated: 2026-06-02T10:43:04.658Z

cve-icon NVD

Status : Deferred

Published: 2026-06-02T10:16:19.847

Modified: 2026-06-02T13:03:31.153

Link: CVE-2025-53209

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:51:40Z

Weaknesses