VYPR

Lms Plugin

by WordPress

CVEs (2)

  • CVE-2025-13542CriDec 2, 2025
    risk 0.64cvss 9.8epss 0.00

    The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for…

  • CVE-2022-2563Oct 17, 2022
    risk 0.00cvss epss 0.01

    The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)