8 matches found
CVE-2025-12098
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
EUVD-2025-38366
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
CVE-2025-12098
CVE-2025-12098 affects Academy LMS Pro (WordPress plugin) up to version 3.3.8, exposing sensitive data via enqueue_social_login_script. Unauthenticated attackers could exfiltrate secrets (e.g., Facebook App Secret) when Facebook Social Login is enabled. Mitigation: update to 3.3.9 or later (patch...
CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
CVE-2025-12098 Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...
PT-2025-45558
Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9 Description The Academy LMS – WordPress LMS Plugin for WordPress is susceptible to sensitive information disclosure. Specifically, the enqueue social...
Liberapay: Leaking Of Sensitive Information on Github
Summary: Sensitive Data were leaked in https://github.com/liberapay/liberapay.com Steps To Reproduce: 1. Install gitleaks from https://github.com/zricethezav/gitleaks 2. Run the following command in a Linux terminal gitleaks -v --pretty -r=https://github.com/liberapay/liberapay.com The following...
Distributed Denial Of Service (DDoS)
botkit is vulnerable to distributed denial of service DDoS attacks. These attacks are possible because it does not validate the X-HUB signature sent in the headers against the facebook app secret. This allows attackers to send arrays with a large amount of data in them to botkit and lock the...