Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVE-2026-25372

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

CVE-2025-15521 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVE-2023-4973

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

CVE-2022-38553

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the Search parameter...

CVE-2023-4119

A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sortby leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifi...

CVE-2023-53876

CVE-2023-53876 affects Academy LMS 6.1 and is a file-upload vulnerability that lets authenticated users upload malicious SVGs containing stored XSS via the profile avatar upload feature by altering extensions and embedding JavaScript. Root cause: lax file-type handling permitting SVG execution. I...

PT-2025-45559

Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9 Description The software is susceptible to a PHP Object Injection due to deserialization of untrusted input within the import all courses function. This...

CVE-2025-59562

CVE-2025-59562 concerns the Academy LMS WordPress plugin. The issue is described as an Insecure Direct Object Reference / Missing Authorization (Authorization Bypass Through User-Controlled Key) that affects Academy LMS versions up to 3.3.4. Patch status in the CVE entry shows a fix, with the aff...

PT-2025-39040

Name of the Vulnerable Software and Affected Versions Academy LMS versions through 3.3.4 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through user-controlled keys. Recommendations Update Academy LMS to a version...

CVE-2024-35171

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25...

PT-2024-25545 · Unknown · Academy Lms

Name of the Vulnerable Software and Affected Versions: Academy LMS versions 1.9.16 and earlier Description: The issue is related to a Missing Authorization vulnerability in Academy LMS. Recommendations: For versions 1.9.16 and earlier, update to a version that includes a fix for this issue, as no...

Creativeitem Academy-LMS Cross-Site Scripting Vulnerability

Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS version 6.0, which stems from the parameter query/sortby in the file /academy/home/courses that causes cross-site scripting...

CVE-2022-47132

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users...

CVE-2022-47130

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...

Academy Learning Management System 跨站脚本漏洞

Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. A security vulnerability exists in Academy Learning Management System versions prior to v5.10, which can be exploited by an attacker to create arbitrary pages...

Academy Learning Management System 跨站请求伪造漏洞

Academy Learning Management System is an Academy Learning Management System by Creativeitem team. A security vulnerability exists in versions of Academy LMS prior to v5.10, which can be exploited by an attacker to add an administrator user...

Academy Learning Management System Reflective Cross-Site Scripting Vulnerability

Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the Search parameter, which could be exploited to launch a reflective cross-site scripting...

CVE-2022-38553

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the Search parameter...

CVE-2022-38553

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the Search parameter...