Critical severity9.3NVD Advisory· Published Jun 27, 2025· Updated Apr 23, 2026

CVE-2025-52717

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection.This issue affects LifterLMS: from n/a through <= 8.0.6.

Affected products

Lifterlms/Lifterlms
cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*
Range: <8.0.7

Patches

968e960e8df0

https://github.com/gocodebox/lifterlmsvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

patchstack.com/database/Wordpress/Plugin/lifterlms/vulnerability/wordpress-lifterlms-8-0-6-sql-injection-vulnerabilitynvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.605
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000