VYPR

Learndash

by WordPress

CVEs (2)

  • CVE-2020-6009CriApr 1, 2020
    risk 0.64cvss 9.8epss 0.02

    LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.

  • CVE-2026-3079MedMar 24, 2026
    risk 0.42cvss 6.5epss 0.00

    The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user…