CVE-2026-5167 | Masteriyo LMS Plugin up to 2.1.7 on WordPress Webhook Endpoint handle_webhook order_id authorization

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in Masteriyo LMS Plugin up to 2.1.7 on WordPress. It has been rated as critical. Affected by this issue is the function handle_webhook of the component Webhook Endpoint. The manipulation of the argument order_id leads to authorization bypass.

This vulnerability is uniquely identified as CVE-2026-5167. The attack is possible to be carried out remotely. No exploit exists.

CVE-2026-5167 | Masteriyo LMS Plugin up to 2.1.7 on WordPress Webhook Endpoint handle_webhook order_id authorization

Post correlati

CVE-2025-1164 | code-projects Police FIR Record Management System 1.0 stack-based overflow

CVE-2024-5882 | Ultimate Classified Listings Plugin up to 1.2 on WordPress ucl_page/layout access control

CVE-2026-5286 | Google Chrome up to 146.0.7680.165 Dawn use after free (ID 493900)

CVE-2025-10494 | Motors Plugin up to 1.4.89 on WordPress denial of service