Medium 6.5
2026-04-11< 9.2.2
LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
Minimum safe version
9.2.2
Update to 9.2.2 or later to address 18 fixable vulnerabilities
Latest available10.0.1 ✓
High 8.8
2025-11-13< 3.41.2
CVE-2025-11923
Critical 9.8
2025-07-01< 8.0.7
LifterLMS <= 8.0.6 - Unauthenticated SQL Injection
Medium 6.1
2025-05-15< 8.0.1
CVE-2024-13619
Medium 5.3
2025-03-19< 8.0.2
LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing
Medium 4.3
2024-12-18< 7.8.6
CVE-2024-12596
High 7.2
2024-09-06< 7.7.6
CVE-2024-7349
Medium 6.5
2024-06-05< 7.6.3
CVE-2024-4743
High 8.8
2024-04-12< 7.5.1
CVE-2024-31363
Medium 5.3
2024-03-13< 7.5.2
CVE-2024-0377
Medium 6.7
2023-11-22< 7.5.0
CVE-2023-6160
N/A
< 4.21.1
LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout
N/A
2021-04-29< 4.21.1
LMS by LifterLMS <= 4.21.0 - Reflected Cross-Site Scripting
N/A
2021-05-10< 4.21.1
WordPress LifterLMS plugin <= 4.21.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Critical 9.8
2019-09-10< 3.35.1
CVE-2019-15896
Critical 9.8
2020-03-31< 3.37.15
CVE-2020-6008
Medium 5.4
2021-05-24< 4.21.1
CVE-2021-24308
High 7.5
2021-08-23< 4.21.2
CVE-2021-24562