VYPR

Learning Management System

by WordPress

Source repositories

CVEs (39)

  • CVE-2026-49111HigJun 15, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0.

  • CVE-2026-39405CriMay 20, 2026
    risk 0.54cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in…

  • CVE-2025-64270MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through <= 2.0.3.

  • CVE-2024-33939MedMay 19, 2025
    risk 0.35cvss 5.3epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.

  • CVE-2026-5167MedApr 8, 2026
    risk 0.27cvss 5.3epss 0.00

    The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the…

  • CVE-2022-38553Sep 26, 2022
    risk 0.02cvss epss 0.02

    Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

  • CVE-2026-26977Feb 20, 2026
    risk 0.00cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.

  • CVE-2020-36944Jan 28, 2026
    risk 0.00cvss epss 0.00

    ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the…

  • CVE-2026-23497Jan 14, 2026
    risk 0.00cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.

  • CVE-2025-67734Dec 12, 2025
    risk 0.00cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script…

  • CVE-2025-67730Dec 12, 2025
    risk 0.00cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in…

  • CVE-2025-66581Dec 5, 2025
    risk 0.00cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the…

  • CVE-2025-46102Jul 17, 2025
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL parameter

  • CVE-2025-46101Jun 23, 2025
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file

  • CVE-2024-54933Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

  • CVE-2024-54931Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

  • CVE-2024-54926Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

  • CVE-2024-54921Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

  • CVE-2024-54934Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

  • CVE-2024-54935Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

Page 1 of 2