Vulnerabilities > Learndash > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-28777 | Unspecified vulnerability in Learndash Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3. | 8.8 |
| 2021-11-01 | CVE-2018-25019 | Missing Authorization vulnerability in Learndash The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | 7.5 |