CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2025-19292

Malicious code in bioql PyPI...

EUVD-2023-58410

Malicious code in bioql PyPI...

EUVD-2024-50986

Malicious code in bioql PyPI...

EUVD-2024-48287

Malicious code in bioql PyPI...

EUVD-2025-6718

Malicious code in bioql PyPI...

EUVD-2024-29259

Malicious code in bioql PyPI...

CVE-2025-52717

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection.This issue affects LifterLMS: from n/a through = 8.0.6...

CVE-2025-52717 WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6...

PT-2025-27116 · Lifterlms · Lifterlms

Name of the Vulnerable Software and Affected Versions: LifterLMS versions n/a through 8.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

CVE-2024-12596

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llmsdeletecert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with...

CVE-2023-6160

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read t...

CVE-2024-13619

The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13619

The CVE-2024-13619 entry concerns the WordPress plugin LifterLMS prior to 8.0.1. The vulnerability is a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter before it is echoed back on the page, which could impact high-privilege users such as admins. Public references ...

WordPress plugin LifterLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-2290

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the deleteaccessplan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...

CVE-2025-2290

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the deleteaccessplan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...

CVE-2025-2290

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the deleteaccessplan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...

CVE-2025-2290

CVE-2025-2290 affects the LifterLMS WordPress plugin (versions up to and including 8.0.1). The issue is an unauthenticated post trashing vulnerability caused by a missing capability check in the delete_access_plan function and related AJAX handlers. Impact per sources is that an unauthenticated a...

CVE-2025-2290 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the deleteaccessplan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...