LearnDash LMS

Vulnerabilities 13Slug sfwd-lmsLatest version 4.1.0Plugin page →

Minimum safe version

5.0.3.1

Update to 5.0.3.1 or later to address 13 fixable vulnerabilities

Latest available4.1.0 ✗

N/A

2026-03-23< 5.0.3.1

LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

Wordfence CVE

Medium 5.3

2025-01-27< 4.20.0.3

CVE-2025-24662

CVE EUVD Patchstack Wordfence

Medium 5.3

2024-02-05< 4.10.3

CVE-2024-1208

CVE Patchstack WPScan

Medium 5.3

2024-02-05< 4.10.2

CVE-2024-1209

CVE Patchstack WPScan

Medium 5.3

2024-02-05< 4.10.2

CVE-2024-1210

CVE Patchstack WPScan

N/A

2024-02-02< 4.10.3

LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API

Wordfence

N/A

2024-02-02< 4.10.2

LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API

Wordfence

N/A

2024-02-02< 4.10.2

LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments

Wordfence

High 8.8

2023-07-12< 4.6.0.1

CVE-2023-3105

CVE Wordfence Patchstack WPScan

High 8.5

2023-10-31< 4.5.3.1

CVE-2023-28777

CVE Patchstack Wordfence WPScan

Medium 5.4

2020-01-16< 3.1.2

CVE-2020-7108

CVE Patchstack Wordfence WPScan

Critical 9.8

2020-09-22< 3.1.6

WordPress LearnDash LMS premium plugin <= 3.1.5 - Unauthenticated SQL Injection (SQLi) vulnerability

Patchstack CVE Wordfence WPScan

High 7.5

2021-11-01< 2.5.4

CVE-2018-25019

CVE Patchstack Wordfence WPScan