LearnDash LMS plugin for WordPress allows unauthorized data access
CVE-2026-3079
Summary
An authenticated attacker with Contributor-level access or above can extract sensitive information from the database of a site running the LearnDash LMS plugin for WordPress. The flaw is a blind time-based SQL injection in the 'filters[orderby_order]' parameter of the 'learndash_propanel_template' AJAX action. To protect your site, update to the latest version of the plugin, or consider temporarily disabling the affected feature until the update is available.
Original title
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up...
Original description
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
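A sort direction is a SQL keyword, so a prepared-statement placeholder cannot carry it, and escaping does not help because no quotes are involved. The added example below is not LearnDash's code: the table, columns, function names and sample requests are constructed, and it uses PDO with in-memory SQLite so it runs on its own. It shows the usual hardening for this class of bug, which is to map the untrusted `orderby_order` value onto a fixed allowlist.

```php
<?php
// Added illustration: hypothetical report query, not LearnDash's code.
// Table, column and function names are constructed for this example.

const SORTABLE_COLUMNS = ['user_id', 'course_id', 'completed_at'];

/** Map untrusted sort input to a fixed ORDER BY clause; the input itself never reaches SQL. */
function build_order_clause(array $filters): string
{
    $column = $filters['orderby'] ?? 'user_id';
    if (!is_string($column) || !in_array($column, SORTABLE_COLUMNS, true)) {
        $column = 'user_id';
    }
    // Direction is a keyword, not a value: accept exactly DESC, otherwise fall back to ASC.
    $order = $filters['orderby_order'] ?? 'ASC';
    $direction = (is_string($order) && strtoupper(trim($order)) === 'DESC') ? 'DESC' : 'ASC';
    return "ORDER BY {$column} {$direction}";
}

function fetch_activity(PDO $db, int $courseId, array $filters): array
{
    // Values use bound parameters; identifiers and keywords come only from the allowlist.
    $sql = 'SELECT user_id, course_id, completed_at FROM activity WHERE course_id = :course '
         . build_order_clause($filters);
    $stmt = $db->prepare($sql);
    $stmt->execute([':course' => $courseId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activity (user_id INTEGER, course_id INTEGER, completed_at TEXT)');
$db->exec("INSERT INTO activity VALUES (1, 10, '2026-01-05'), (2, 10, '2026-02-01'), (3, 11, '2026-02-09')");

// Constructed requests: a normal one, one with extra SQL text, one with a non-string value.
$requests = [
    ['orderby' => 'completed_at', 'orderby_order' => 'desc'],
    ['orderby' => 'completed_at', 'orderby_order' => 'ASC, (SELECT 1)'],
    ['orderby_order' => ['nested' => 'array']],
];
foreach ($requests as $filters) {
    echo build_order_clause($filters), ' => ', count(fetch_activity($db, 10, $filters)), " rows\n";
}
```

All three requests return the same two rows for course 10; only the first changes the sort order, and the other two fall back to `ASC` without their input appearing in the query text.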
nvd CVSS3.1
6.5
Vulnerability type
CWE-89
SQL Injection
- http://www.learndash.com/
- https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/ld-reports.ph...
- https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/inclu...
- https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/inclu...
- https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/inclu...
- https://www.learndash.com/changelog/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/29a560fa-03bf-435c-85d...
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026