CVE-2026-3079

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

WordPress LearnDash LMS plugin <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'filtersorderbyorder' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LearnDash LMS versions = 5.0.3...

WordPress plugin LearnDash LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2020-7108

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field...

CVE-2025-10376

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to...

EUVD-2025-33838

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to...

CVE-2025-10376

CVE-2025-10376 : The WordPress plugin Course Redirects for Learndash is affected by a Cross-Site Request Forgery (CSRF) on the Settings page. The issue arises from missing nonce validation, allowing unauthenticated attackers to modify plugin settings if they can trick an administrator. Affected v...

CVE-2025-10376 Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to...

WordPress plugin Course Redirects for Learndash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

EUVD-2020-27163

Malware in sbrugna...

EUVD-2023-27800

Malicious code in bioql PyPI...

EUVD-2024-49116

Malicious code in bioql PyPI...

WordPress Uncanny Toolkit for LearnDash Plugin <= 3.7.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Uncanny Toolkit for LearnDash versions = 3.7.0.3...

CVE-2025-57988

CVE-2025-57988 relates to the Uncanny Toolkit for LearnDash. The vulnerability is a stored cross-site scripting flaw caused by improper neutralization of input during web page generation in the plugin. Affected software ranges to include Uncanny Toolkit for LearnDash versions up to 3.7.x (as refl...

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVE-2020-6009

LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection...

WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by David Ojeda Guijarro in WordPress Plugin LearnDash LMS versions = 4.20.0.1...

CVE-2025-22346

CVE-2025-22346: WordPress Course Migration for LearnDash plugin (versions 1.0.2 through n/a) suffers Server-Side Request Forgery (SSRF). The vulnerability is authenticated (Subscriber+) and is documented in multiple feeds (NVD/RedHat/CVELIST). The CVSS v3.1 base score is 6.4 (Network, Low/Low/No ...

CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...

CVE-2024-37438

CVE-2024-37438 affects WordPress plugin Uncanny Toolkit Pro for LearnDash. A Cross-Site Request Forgery (CSRF) vulnerability exists in Uncanny Toolkit Pro for LearnDash versions before 4.1.4.1, enabling unauthorized actions to be performed by authenticated users. The issue is disclosed in multipl...