WordPress Plugin Vulnerabilities

LearnDash < 3.1.6 - Unauthenticated SQL Injection

Description

The sfwd-lms WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
sfwd-lms
Fixed in 3.1.6

References

CVE
CVE-2020-6009
URL
https://learndash.releasenotes.io/release/YBfaq-version-316

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
35e7adea-b4bb-4a24-bf5f-22a5e2fbc4e5

Timeline

Publicly Published
2020-04-01 (about 6 years ago)
Added
2020-04-02 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
oQey Gallery <= 0.4.8 - SQL Injection
Published
2026-01-28
Title
Woodly Core <= 1.4 - Unauthenticated SQL Injection
Published
2018-01-10
Title
Testimonial Slider <= 1.2.4 - Authenticated SQL Injection
Published
2024-05-21
Title
Simple Video Directory < 1.4.3 - Unauthenticated SQLi
Published
2025-03-21
Title
WooCommerce Multivendor Marketplace – REST API < 1.6.3 - Authenticated (Subscriber+) SQL Injection