Academy Lms
by Kodezen
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1505 | Hig | 0.50 | 8.8 | 0.01 | Mar 13, 2024 | The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This… | ||
| CVE-2024-33912 | Hig | 0.46 | 7.1 | 0.00 | May 6, 2024 | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | ||
| CVE-2026-25372 | Med | 0.42 | 6.5 | 0.00 | Feb 19, 2026 | Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3. | ||
| CVE-2025-68527 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0. | ||
| CVE-2025-12099 | Hig | 0.40 | 7.2 | 0.00 | Nov 8, 2025 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'import_all_courses' function. This makes it possible for… | ||
| CVE-2025-59562 | Med | 0.36 | 5.5 | 0.00 | Sep 22, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.3.4. | ||
| CVE-2025-12098 | Med | 0.34 | 5.3 | 0.00 | Nov 8, 2025 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible for unauthenticated… | ||
| CVE-2024-35171 | Med | 0.34 | 5.3 | 0.01 | May 14, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. | ||
| CVE-2024-37234 | Low | 0.23 | 3.5 | 0.00 | Jul 6, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | ||
| CVE-2023-53876 | 0.00 | — | 0.00 | Dec 15, 2025 | Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and… | |||
| CVE-2024-38701 | 0.00 | — | 0.00 | Jul 22, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | |||
| CVE-2022-47131 | 0.00 | — | 0.00 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | |||
| CVE-2022-47130 | 0.00 | — | 0.01 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. |
- risk 0.50cvss 8.8epss 0.01
The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This…
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0.
- risk 0.40cvss 7.2epss 0.00
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'import_all_courses' function. This makes it possible for…
- risk 0.36cvss 5.5epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.3.4.
- risk 0.34cvss 5.3epss 0.00
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible for unauthenticated…
- risk 0.34cvss 5.3epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25.
- risk 0.23cvss 3.5epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
- CVE-2023-53876Dec 15, 2025risk 0.00cvss —epss 0.00
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and…
- CVE-2024-38701Jul 22, 2024risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
- CVE-2022-47131Feb 3, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
- CVE-2022-47130Feb 3, 2023risk 0.00cvss —epss 0.01
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.