Sensitive Data Exposure in Masteriyo Learning Management System
CVE-2025-64270

Currently unrated

Key Information:

Vendor

WordPress
Status
Masteriyo - Lms
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64270?

The Masteriyo Learning Management System has a vulnerability that can lead to the exposure of sensitive information due to improper management of access controls. This flaw allows an unauthorized entity to retrieve embedded sensitive data, potentially compromising user privacy and system integrity. The issue affects all versions of Masteriyo LMS up to and including 2.0.3, necessitating immediate remediation to safeguard against unauthorized data access.

Affected Version(s)

Masteriyo - LMS <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/lear...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64270 : Sensitive Data Exposure in Masteriyo Learning Management System