Learndash
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6009 | Cri | 0.64 | 9.8 | 0.02 | Apr 1, 2020 | LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. | ||
| CVE-2026-3079 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2026 | The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user… |
- risk 0.64cvss 9.8epss 0.02
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
- risk 0.42cvss 6.5epss 0.00
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user…