| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-60239 | WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability | Codexpert, Inc | CoSchool LMS | High | 8.5 | 2025-11-06 15:55:09 | Deep Dive |
| CVE-2025-64366 | WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability | Stylemix | MasterStudy LMS | High | 7.6 | 2025-10-31 11:42:39 | Deep Dive |
| CVE-2025-64212 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability | StylemixThemes | MasterStudy LMS Pro | Medium | 5.4 | 2025-10-29 08:38:09 | Deep Dive |
| CVE-2025-62779 | Frappe Learning users were able to add HTML through input fields in the Job Form | frappe | lms | - | - | 2025-10-27 21:19:04 | Deep Dive |
| CVE-2025-62778 | Frappe Learning allowed students to access the Quiz Form via direct URL | frappe | lms | - | - | 2025-10-27 21:16:06 | Deep Dive |
| CVE-2025-6639 | Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments | themeum | Tutor LMS Pro | Medium | 5.4 | 2025-10-25 05:31:22 | Deep Dive |
| CVE-2025-11564 | Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2025-10-25 05:31:20 | Deep Dive |
| CVE-2025-6680 | Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2025-10-25 05:31:19 | Deep Dive |
| CVE-2025-59575 | WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability | Stylemix | MasterStudy LMS | - | - | 2025-10-22 14:32:39 | Deep Dive |
| CVE-2025-11086 | Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon | academylms | Academy LMS Pro | High | 8.1 | 2025-10-22 11:25:18 | Deep Dive |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.5 | 2025-10-18 06:42:49 | Deep Dive |
| CVE-2025-62158 | Frappe had attachments made by students to their assignments of type Text set to public | frappe | lms | - | - | 2025-10-10 20:05:38 | Deep Dive |
| CVE-2025-11304 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy | CodeCanyon | Mentor LMS | Medium | 6.3 | 2025-10-05 21:02:06 | Deep Dive |
| CVE-2025-11283 | Frappe LMS Course cross site scripting | Frappe | LMS | Low | 2.4 | 2025-10-05 05:02:06 | Deep Dive |
| CVE-2025-11282 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting | Frappe | LMS | Low | 2.4 | 2025-10-05 04:32:06 | Deep Dive |
| CVE-2025-11281 | Frappe LMS Unpublished Course courses access control | Frappe | LMS | Medium | 5.0 | 2025-10-05 04:02:06 | Deep Dive |
| CVE-2025-11280 | Frappe LMS Assignment Picture files direct request | Frappe | LMS | Low | 3.7 | 2025-10-05 03:32:06 | Deep Dive |
| CVE-2025-59562 | WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability | Kodezen LLC | Academy LMS | Medium | 5.5 | 2025-09-22 18:26:02 | Deep Dive |
| CVE-2025-59576 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability | Stylemix | MasterStudy LMS | Medium | 6.5 | 2025-09-22 18:25:55 | Deep Dive |
| CVE-2025-59577 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability | Stylemix | MasterStudy LMS | Medium | 4.3 | 2025-09-22 18:25:54 | Deep Dive |