cleantalk
Vulnerabilities and Security Researches

Academy LMS – eLearning and online course solution for WordPress, CVE-2026-25372

CVE, Research URL

CVE-2026-25372

Home page URL

Security reports for Academy LMS – eLearning and online course solution for WordPress

Application

Academy LMS – eLearning and online course solution for WordPress

Published on
Feb 19, 2026
Research Description
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.
Affected versions
max 3.5.3.
Status
vulnerable
Previous vulnerability researches
MailerLite &#8211; Signup forms (official) (7d2bf278e464f24994e0657790edb3a0f328acc5) , Jun 07, 2024
MailerLite &#8211; Signup forms (official) (CVE-2022-1604) , Jun 07, 2024
MailerLite &#8211; Signup forms (official) (CVE-2022-33201) , Jun 07, 2024
MailerLite &#8211; Signup forms (official) (CVE-2024-2797) , Jun 07, 2024
MailerLite &#8211; Signup forms (official) (CVE-2024-1386) , Jun 07, 2024
New vulnerability
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24942) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-23549) , Feb 28, 2026
Event Manager and Tickets Selling Plugin for WooCommerce &#8211; WpEvently &#8211; WordPress Plugin (CVE-2026-24954) , Feb 28, 2026
Library Management System (CVE-2025-12707) , Feb 28, 2026
CM Business Directory Plugin &#8211; Business Listing Directory (CVE-2026-25004) , Feb 28, 2026