4 matches found
EUVD-2026-41250
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...
CVE-2026-25372 WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...
WordPress Plugin Academy LMS Elevation of Privilege Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress plugin Academy LMS due to the...
WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability
Broken Access Control on Paid Courses vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Academy LMS versions = 1.9.16...