Product
creativeitem academy lms
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-71179
CVE-2023-53876
CVE-2025-56749
CVE-2025-56748
CVE-2025-56746
CVE-2025-56747
CVE-2024-38701
CVE-2024-38959
CVE-2024-32714
CVE-2024-35171
CVE-2024-33912
CVE-2024-1505
CVE-2023-4974
CVE-2023-4973
CVE-2023-38964
CVE-2023-4119
CVE-2023-3752
CVE-2022-47132
CVE-2022-47131
CVE-2022-47130
CVE-2022-29380
all versions
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academ
all versions
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cro
<= 6.14
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret a
<= 5.13
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without
<= 5.13
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session
<= 5.13
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller w
< 2.0.5
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0
all versions
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to exec
< 1.9.17
Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16.
< 1.9.26
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: fr
< 1.9.17
Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.
< 1.9.20
The Academy LMS - eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in
all versions
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality
all versions
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an
all versions
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
all versions
A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the fi
all versions
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unkno
< 5.10
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
< 5.10
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
< 5.10
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker
all versions
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.