204 matches found
CVE-2021-24185
The tutorplacerating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...
CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...
CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...
CVE-2025-27353 WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through = 2.6.5...
CVE-2022-45820
SQL Injection SQLi vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions...
CVE-2024-2411
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...
CVE-2024-4902
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
CVE-2024-4318
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-3902 · WordPress · Sensei Lms
Name of the Vulnerable Software and Affected Versions: Sensei LMS WordPress plugin versions prior to 4.24.4 Description: The issue concerns the inadequate protection of some REST API routes in the Sensei LMS WordPress plugin, allowing unauthenticated attackers to leak information related to sense...
CVE-2024-13599
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP...
CVE-2024-53809 WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through = 2.6.4.1...
CVE-2024-10400
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10400 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d0515de5a39b Credits mikemyers Required privilege Unauthenticated Publishe...
CVE-2024-9270
CVE-2024-9270 is active in Lenxel Core LMS (Lenxel Core) WordPress plugin prior to 1.2.3, vulnerable to Stored XSS via SVG file uploads due to insufficient input sanitization and output escaping. Affected versions up to 1.1 allow an authenticated attacker (Author+ level) to inject scripts in page...
WordPress Lenxel Core for Lenxel(LNX) LMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Lenxel Core for LenxelLNX LMS Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9270 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bea8ca18e070 Credits Francesco...
CVE-2024-10008
CVE-2024-10008 – Masteriyo LMS (WordPress) : Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...
WordPress Masteriyo - LMS Plugin <= 1.13.3 is vulnerable to Cross Site Scripting (XSS)
Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.13.3 Fixed in 1.13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10000 Patch priority Low CVSS severity Low 6.5 Developer Masteriyo PSID 896bb27d11e1 Credits floerer Required privilege...
WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Namaste! LMS versions = 2.6.2...
CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...