Unauthenticated Broken Authentication in Masteriyo - Learning Management System
CVE-2026-42743

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Masteriyo - Lms
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-42743?

The Masteriyo Learning Management System plugin for WordPress suffers from a vulnerability that allows unauthenticated users to exploit broken authentication mechanisms. This flaw can potentially grant unauthorized access to sensitive administrative functions, compromising the integrity and confidentiality of user data and system settings. It's crucial for administrators to review and remediate affected installations promptly to avoid potential security breaches.

Affected Version(s)

Masteriyo - LMS <= 2.1.8

References

https://patchstack.com/database/wordpress/plugin/learning...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

HieuPenguinnn | Patchstack Bug Bounty Program

CVE-2026-42743 Data

JSON