VYPR
Vendor

Academy LMS

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2025-15521CriJan 21, 2026
    risk 0.64cvss 9.8epss 0.00

    The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to…

  • CVE-2022-47132HigFeb 3, 2023
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.

  • CVE-2025-11086HigOct 22, 2025
    risk 0.53cvss 8.1epss 0.00

    The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the…

  • CVE-2023-4974MedSep 15, 2023
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql…

  • CVE-2023-4119MedAug 3, 2023
    risk 0.31cvss 4.3epss 0.02

    A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely.…

  • CVE-2022-47131MedFeb 3, 2023
    risk 0.31cvss 4.8epss 0.00

    A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

  • CVE-2022-29380MedMay 25, 2022
    risk 0.31cvss 4.8epss 0.01

    Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.

  • CVE-2022-47130MedFeb 3, 2023
    risk 0.28cvss 4.3epss 0.01

    A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.

  • CVE-2023-4973LowSep 15, 2023
    risk 0.23cvss 3.5epss 0.02

    A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument…

VYPR — Vulnerability Intelligence