vulnerability
WordPress Plugin: learning-management-system-pro: CVE-2025-53209: Incorrect Privilege Assignment
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jul 1, 2025 | Jul 10, 2025 | Jun 3, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 1, 2025
Added
Jul 10, 2025
Modified
Jun 3, 2026
Description
The Masteriyo LMS PRO plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.20.0. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Solution
learning-management-system-pro-plugin-cve-2025-53209
References
- https://www.cve.org/CVERecord?id=CVE-2025-53209
- https://www.wordfence.com/threat-intel/vulnerabilities/id/67890f13-df93-4c1d-aabe-a90437183bbd?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-210035
- CVE-2025-53209
- https://attackerkb.com/topics/CVE-2025-53209
- CWE-266
- EUVD-EUVD-2025-210035
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.