cleantalk
Vulnerabilities and Security Researches

Academy LMS – eLearning and online course solution for WordPress, CVE-2024-1505

CVE, Research URL

CVE-2024-1505

Home page URL

Security reports for Academy LMS – eLearning and online course solution for WordPress

Application

Academy LMS – eLearning and online course solution for WordPress

Published on
Mar 13, 2024
Research Description
The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.
Affected versions
max 1.9.20.
Status
vulnerable
Previous vulnerability researches
Academy LMS – eLearning and online course solution for WordPress (CVE-2025-59562) , Oct 11, 2025
Academy LMS – eLearning and online course solution for WordPress (CVE-2024-1505) , Jun 06, 2024
Academy LMS – eLearning and online course solution for WordPress (CVE-2024-32714) , Jun 06, 2024
Academy LMS – eLearning and online course solution for WordPress (CVE-2024-35171) , Jun 06, 2024
Academy LMS – eLearning and online course solution for WordPress (CVE-2024-33912) , Jun 06, 2024
New vulnerability
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps (CVE-2025-68881) , Jan 28, 2026
Simple Calendar – Google Calendar Plugin (CVE-2025-68979) , Jan 28, 2026
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2025-14901) , Jan 28, 2026
IMGspider – 图片采集抓取插件 (CVE-2026-22482) , Jan 28, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2025-15380) , Jan 28, 2026