Stored Cross-Site Scripting Vulnerability in Masteriyo Learning Management System
CVE-2025-54699

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 14 August 2025

What is CVE-2025-54699?

A Stored Cross-Site Scripting (XSS) vulnerability in the Masteriyo Learning Management System allows attackers to inject malicious scripts that execute within the context of users' browsers. The flaw is present in versions up to and including 1.18.3, potentially exposing sensitive user data and compromising site integrity. Proper input validation and sanitization are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Masteriyo - LMS <= 1.18.3

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Denver Jackson (Patchstack Alliance)