| CVE-2026-26031 | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | frappe | lms | - | - | 2026-02-11 21:32:15 | Deep Dive |
| CVE-2026-1371 | Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2026-02-03 07:31:24 | Deep Dive |
| CVE-2026-1375 | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion | themeum | Tutor LMS – eLearning and online course solution | High | 8.1 | 2026-02-03 07:31:23 | Deep Dive |
| CVE-2020-36960 | Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting | Formalms | Forma LMS | Medium | 6.4 | 2026-01-26 17:43:22 | Deep Dive |
| CVE-2026-24584 | WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Themeum | Tutor LMS BunnyNet Integration | 中危 | - | 2026-01-23 14:29:00 | Deep Dive |
| CVE-2025-47555 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Themeum | Tutor LMS | Low | 3.8 | 2026-01-22 16:51:41 | Deep Dive |
| CVE-2025-15521 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover | kodezen | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | Critical | 9.8 | 2026-01-21 01:23:32 | Deep Dive |
| CVE-2025-15347 | Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | getwpfunnels | Creator LMS – Online Courses and eLearning Plugin | High | 8.8 | 2026-01-20 14:26:33 | Deep Dive |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.4 | 2026-01-20 14:26:32 | Deep Dive |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-20 03:25:18 | Deep Dive |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization | Chamilo | LMS | Medium | 5.4 | 2026-01-18 00:02:09 | Deep Dive |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages | frappe | lms | - | - | 2026-01-14 18:25:52 | Deep Dive |
| CVE-2025-13935 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:12 | Deep Dive |
| CVE-2025-13934 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:12 | Deep Dive |
| CVE-2025-13628 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:11 | Deep Dive |
| CVE-2025-13679 | Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2026-01-08 07:04:13 | Deep Dive |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.4 | 2026-01-07 07:17:33 | Deep Dive |
| CVE-2025-69359 | WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability | WPFunnels | Creator LMS | Medium | 5.3 | 2026-01-06 16:36:42 | Deep Dive |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-06 08:21:49 | Deep Dive |
| CVE-2025-13766 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 5.4 | 2026-01-06 08:21:48 | Deep Dive |