CVE-2026-11773: The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypas
mediumvulnerability
security
Summary
The Masteriyo LMS plugin for WordPress (used to build online courses) has an authorization bypass vulnerability in versions up to 2.2.1, meaning the plugin fails to properly check if a user has permission to perform actions. Students or low-level users can exploit this flaw to modify course announcement descriptions that were created by instructors or administrators.
Vulnerability Details
CVSS Score
4.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
network
Attack Complexity
low
Privileges Required
low
User Interaction
none
Disclosure Date
June 27, 2026
Classification
Attack SophisticationModerate
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-11773
First tracked: June 27, 2026 at 02:24 PM
Classified by LLM (prompt v3) · confidence: 95%