CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

PT-2026-50109

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by luc in WordPress Plugin Academy LMS Pro versions 3.5.2...

WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability

Unauthenticated Sensitive Information Exposure via 'enqueuesocialloginscript' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions = 3.3.8...

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

WordPress Academy LMS Pro plugin <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon vulnerability

Unauthenticated Privilege Escalation via Social Login Addon vulnerability discovered by Thái An in WordPress Plugin Academy LMS Pro versions = 3.3.7...

CVE-2025-11086 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

CVE-2025-11086 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...