2 matches found
WordPress Academy LMS plugin <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' vulnerability
Authenticated Administrator+ PHP Object Injection via 'importallcourses' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS versions = 3.3.8...
CVE-2025-12099 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses'
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'importallcourses' function. This makes it possible for authenticated...