All 8 CVE vulnerabilities found in LearnDash LMS, with AI-generated Chinese analysis, references, and POCs.
Vendor: Unknown
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-3079 | LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter CWE-89 | 6.5 | Medium | 2026-03-24 |
| CVE-2025-24662 | WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability CWE-862 | 5.3 | Medium | 2025-01-27 |
| CVE-2024-1208 | LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API CWE-200 | 5.3 | Medium | 2024-02-05 |
| CVE-2024-1209 | LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments CWE-200 | 5.3 | Medium | 2024-02-05 |
| CVE-2024-1210 | LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API CWE-200 | 5.3 | Medium | 2024-02-05 |
| CVE-2023-28777 | WordPress LearnDash LMS Plugin <= 4.5.3 is vulnerable to SQL Injection CWE-89 | 9.8 | - | 2023-10-31 |
| CVE-2023-3105 | LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change CWE-639 | 8.8 | High | 2023-07-12 |
| CVE-2018-25019 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload CWE-434 | 7.5 | - | 2021-11-01 |
All 8 known CVE vulnerabilities affecting LearnDash LMS with full Chinese analysis, references, and POCs where available.