2 matches found
CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
CVE-2025-12098
CVE-2025-12098 affects Academy LMS Pro (WordPress plugin) up to version 3.3.8, exposing sensitive data via enqueue_social_login_script. Unauthenticated attackers could exfiltrate secrets (e.g., Facebook App Secret) when Facebook Social Login is enabled. Mitigation: update to 3.3.9 or later (patch...