CVE-2026-23497

CVE-2026-23497 affects Frappe Learning Management System (LMS) up to and including version 2.44.0, where a stored XSS vulnerability arises from unsanitized image filenames rendered on course and jobs pages. The root cause is image filename handling that allows malicious JavaScript execution. The ...

Frappe Learning Management System 跨站脚本漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System version 2.44.0 and prior versions, which stems from a specially crafted image file name that could...

CVE-2024-34919

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2023-4224

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVE-2025-13628

CVE-2025-13628 affects Tutor LMS – eLearning and online course solution (WordPress) up to version 3.9.3. The vulnerability results from missing capability checks in bulk_action_handler and coupon_permanent_delete, allowing authenticated users with subscriber-level access or higher to delete, acti...

CVE-2025-64270

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

CVE-2025-14712

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password...

EUVD-2025-203497

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

EUVD-2025-203331

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password...

CVE-2025-14712 JHENG GAO｜Student Learning Assessment and Support System - Exposure of Sensitive Information

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password...

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVE-2025-64212

CVE-2025-64212 affects the WordPress MasterStudy LMS Pro plugin prior to 4.7.16. The vulnerability is a missing authorization/broken access control issue allowing exploitation due to incorrectly configured access control security levels. Affected component is the WordPress plugin MasterStudy LMS ...

CVE-2025-64212 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...

WordPress plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-34621

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...