VYPR

Academy Lms

by Kodezen

CVEs (13)

  • CVE-2024-1505HigMar 13, 2024
    risk 0.50cvss 8.8epss 0.01

    The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This…

  • CVE-2024-33912HigMay 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.

  • CVE-2026-25372MedFeb 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.

  • CVE-2025-68527MedDec 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0.

  • CVE-2025-12099HigNov 8, 2025
    risk 0.40cvss 7.2epss 0.00

    The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'import_all_courses' function. This makes it possible for…

  • CVE-2025-59562MedSep 22, 2025
    risk 0.36cvss 5.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.3.4.

  • CVE-2025-12098MedNov 8, 2025
    risk 0.34cvss 5.3epss 0.00

    The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible for unauthenticated…

  • CVE-2024-35171MedMay 14, 2024
    risk 0.34cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25.

  • CVE-2024-37234LowJul 6, 2024
    risk 0.23cvss 3.5epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.

  • CVE-2023-53876Dec 15, 2025
    risk 0.00cvss epss 0.00

    Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and…

  • CVE-2024-38701Jul 22, 2024
    risk 0.00cvss epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.

  • CVE-2022-47131Feb 3, 2023
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

  • CVE-2022-47130Feb 3, 2023
    risk 0.00cvss epss 0.01

    A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.