Academy LMS
Products
2- 7 CVEs
- 2 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15521 | Cri | 0.64 | 9.8 | 0.00 | Jan 21, 2026 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to… | ||
| CVE-2022-47132 | Hig | 0.57 | 8.8 | 0.01 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | ||
| CVE-2025-11086 | Hig | 0.53 | 8.1 | 0.00 | Oct 22, 2025 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the… | ||
| CVE-2023-4974 | Med | 0.41 | 6.3 | 0.05 | Sep 15, 2023 | A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql… | ||
| CVE-2023-4119 | Med | 0.31 | 4.3 | 0.02 | Aug 3, 2023 | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely.… | ||
| CVE-2022-47131 | Med | 0.31 | 4.8 | 0.00 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | ||
| CVE-2022-29380 | Med | 0.31 | 4.8 | 0.01 | May 25, 2022 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | ||
| CVE-2022-47130 | Med | 0.28 | 4.3 | 0.01 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | ||
| CVE-2023-4973 | Low | 0.23 | 3.5 | 0.02 | Sep 15, 2023 | A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument… |
- risk 0.64cvss 9.8epss 0.00
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to…
- risk 0.57cvss 8.8epss 0.01
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
- risk 0.53cvss 8.1epss 0.00
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the…
- risk 0.41cvss 6.3epss 0.05
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql…
- risk 0.31cvss 4.3epss 0.02
A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely.…
- risk 0.31cvss 4.8epss 0.00
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
- risk 0.31cvss 4.8epss 0.01
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
- risk 0.28cvss 4.3epss 0.01
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
- risk 0.23cvss 3.5epss 0.02
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument…