Skip to main content

Wp Learn Manager

3 CVEs product

Monthly

CVE-2026-12153 CRITICAL Act Now

Authorization bypass in the WP Learn Manager WordPress plugin (all versions through 1.1.8) lets unauthenticated attackers install and activate arbitrary plugins from the WordPress.org repository on a vulnerable site. The flaw stems from AJAX handlers that fail to verify a caller's authorization, and Wordfence rates it CVSS 9.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, low-complexity nature makes it a high-priority patch target.

Authentication Bypass WordPress Wp Learn Manager
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-47975 MEDIUM POC This Month

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Learn Manager
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-24504 MEDIUM POC This Month

The WP LMS - Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Wp Learn Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authorization bypass in the WP Learn Manager WordPress plugin (all versions through 1.1.8) lets unauthenticated attackers install and activate arbitrary plugins from the WordPress.org repository on a vulnerable site. The flaw stems from AJAX handlers that fail to verify a caller's authorization, and Wordfence rates it CVSS 9.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, low-complexity nature makes it a high-priority patch target.

Authentication Bypass WordPress Wp Learn Manager
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Learn Manager
NVD Exploit-DB VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WP LMS - Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy