Exploit for CVE-2025-15521

CVE-2025-15521 The Academy LMS – WordPress LMS Plugin for Comp...

PT-2026-20714

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

CVE-2025-15521

The CVE-2025-15521 entry describes an unauthenticated privilege-escalation in the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, affecting versions up to 3.5.0. The root cause is improper identity validation during password updates: the reset handler accepts a publicly expose...

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVE-2024-32714

Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16...

CVE-2024-33912

Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16...

CVE-2022-47132

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users...