Lucene search
K

204 matches found

Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.4 views

CVE-2025-47555 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...

3.8CVSS5.9AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 2:15 a.m.16 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8CVSS0.00354EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/21 1:23 a.m.9 views

EUVD-2026-3698

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8CVSS5.8AI score0.00354EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/01/21 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8CVSS5.9AI score0.00354EPSS
In wildExploits1References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.6 views

WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.8CVSS5.8AI score0.00354EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.13 views

PT-2026-3751

Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.5.1 Description The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution is susceptible to privilege escalation through account takeover. The...

9.8CVSS5.4AI score0.00354EPSS
Exploits1References14
Patchstack
Patchstack
added 2026/01/20 10:52 p.m.13 views

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...

8.8CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 2:26 p.m.5 views

CVE-2025-15347 Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS5.7AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

WordPress plugin Tutor LMS – eLearning and online course solution has security vulnerabilities.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.9 views

CVE-2023-4602

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00667EPSS
Exploits1References1
NVD
NVD
added 2026/01/09 8:15 a.m.7 views

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

4.3CVSS0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/06 8:21 a.m.3 views

CVE-2025-13766 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

5.4CVSS5.1AI score0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 12:31 p.m.2 views

CVE-2025-68527 WordPress Academy LMS plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through = 3.4.0...

6.5CVSS5.6AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/24 12:31 p.m.30 views

CVE-2025-68527 WordPress Academy LMS plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through = 3.4.0...

6.5CVSS0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

WordPress plugin Academy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.9AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 2:49 p.m.13 views

CVE-2025-14156

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...

9.8CVSS6.3AI score0.05821EPSS
Exploits1References1
CVE
CVE
added 2025/12/16 4:31 a.m.29 views

CVE-2025-13956

The connected Wordfence vulnerability entry confirms CVE-2025-13956 for LearnPress – WordPress LMS Plugin, affecting all versions up to 4.3.1. It permits unauthenticated actors to view orders statistics (e.g., total revenue summaries and order status counts) due to a missing capability check in t...

5.3CVSS4.9AI score0.00917EPSS
Exploits0References2
NVD
NVD
added 2025/12/15 3:15 p.m.12 views

CVE-2025-14156

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...

9.8CVSS0.05821EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 2:25 p.m.11 views

CVE-2025-14156 Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...

9.8CVSS6AI score0.05821EPSS
Exploits1References2
CVE
CVE
added 2025/12/15 2:25 p.m.43 views

CVE-2025-14156

Fox LMS – WordPress LMS Plugin (versions prior to 1.0.5.1) is vulnerable to unauthenticated privilege escalation via the /fox-lms/v1/payments/create-order endpoint, caused by invalid validation of the 'role' parameter. This allows an attacker to create user accounts with arbitrary roles (includin...

9.8CVSS6AI score0.05821EPSS
Exploits1References2
Rows per page
Query Builder