Plugin icon

LearnDash LMS

sfwd-lms

Vulnerabilities:

10

Last Updated:

September 4, 2025

Active Installs:

n/a

Published
Title
Fixed in
CVSS
Published
2026-03-23
Title
LearnDash LMS < 5.0.3.1 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter
Fixed in
Fixed in 5.0.3.1
CVSS
4.9 (medium)
Published
2025-01-24
Title
LearnDash LMS < 4.20.0.3 - Missing Authorization
Fixed in
Fixed in 4.20.0.3
CVSS
5.3 (medium)
Published
2024-02-02
Title
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
Fixed in
Fixed in 4.10.2
CVSS
5.3 (medium)
Published
2024-02-02
Title
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API
Fixed in
Fixed in 4.10.2
CVSS
5.3 (medium)
Published
2024-02-02
Title
LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API
Fixed in
Fixed in 4.10.3
CVSS
5.3 (medium)
Published
2023-10-31
Title
LearnDash LMS < 4.5.3.1 - SQL Injection
Fixed in
Fixed in 4.5.3.1
CVSS
6.8 (medium)
Published
2023-06-27
Title
LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References
Fixed in
Fixed in 4.6.0.1
CVSS
8.8 (high)
Published
2020-04-01
Title
LearnDash < 3.1.6 - Unauthenticated SQL Injection
Fixed in
Fixed in 3.1.6
CVSS
9.8 (critical)
Published
2020-01-15
Title
LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
Fixed in
Fixed in 3.1.2
CVSS
6.1 (medium)
Published
2018-01-06
Title
LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload
Fixed in
Fixed in 2.5.4
CVSS
9.0 (critical)