| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39415 | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | frappe | lms | - | - | 2026-04-08 20:07:46 | Deep Dive |
| CVE-2026-5167 | Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint | masteriyo | Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | Medium | 5.3 | 2026-04-08 06:43:41 | Deep Dive |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2026-04-08 03:36:08 | Deep Dive |
| CVE-2026-34606 | Stored XSS in Frappe LMS | frappe | lms | - | - | 2026-04-02 17:50:01 | Deep Dive |
| CVE-2026-4484 | Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator | masteriyo | Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | High | 8.8 | 2026-03-26 01:25:34 | Deep Dive |
| CVE-2026-32530 | WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability | WPFunnels | Creator LMS | Medium | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-31914 | WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability | hookandhook | WP Courses LMS | Medium | - | 2026-03-25 16:14:57 | Deep Dive |
| CVE-2026-25406 | WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability | Themeum | Tutor LMS Pro | High | 8.1 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-3079 | LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter | StellarWP | LearnDash LMS | Medium | 6.5 | 2026-03-24 01:25:21 | Deep Dive |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-23 22:25:41 | Deep Dive |
| CVE-2025-32223 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Themeum | Tutor LMS | Medium | - | 2026-03-19 08:05:59 | Deep Dive |
| CVE-2026-30882 | Chamilo LMS: Reflected XSS in the session category listing page | chamilo | chamilo-lms | Medium | 6.1 | 2026-03-16 19:21:16 | Deep Dive |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint | chamilo | chamilo-lms | High | 8.8 | 2026-03-16 19:20:00 | Deep Dive |
| CVE-2026-30876 | Chamilo LMS: User enumeration vulnerability via response | chamilo | chamilo-lms | - | - | 2026-03-16 19:18:42 | Deep Dive |
| CVE-2026-30875 | Chamilo LMS: Authenticated RCE via H5P Import | chamilo | chamilo-lms | High | 8.8 | 2026-03-16 19:16:38 | Deep Dive |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php | chamilo | chamilo-lms | - | - | 2026-03-16 19:13:59 | Deep Dive |
| CVE-2026-31922 | WordPress Fox LMS plugin <= 1.0.6.3 - SQL Injection vulnerability | Ays Pro | Fox LMS | Medium | - | 2026-03-13 11:41:55 | Deep Dive |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-12 02:22:37 | Deep Dive |
| CVE-2026-0953 | Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login | themeum | Tutor LMS Pro | Critical | 9.8 | 2026-03-10 05:26:29 | Deep Dive |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | chamilo | chamilo-lms | High | 8.8 | 2026-03-06 03:32:38 | Deep Dive |