WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Sfwd Lms safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Sfwd Lms WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: sfwd-lms

Known vulnerabilities

  • CVE-2018-25019 — LearnDash LMS [sfwd-lms] < 2.5.4 (Unrestricted File Upload) · High
  • CVE-2020-6009 — LearnDash LMS [sfwd-lms] < 3.1.6 (SQL Injection) · Critical
  • CVE-2020-7108 — LearnDash LMS [sfwd-lms] < 3.1.2 (XSS) · Medium
  • CVE-2023-28777 — LearnDash LMS [sfwd-lms] < 4.5.3.1 (SQL Injection) · High
  • CVE-2023-3105 — LearnDash LMS [sfwd-lms] < 4.6.0.1 (CWE-639) · High
+ 8 more known vulnerabilities
  • LearnDash LMS [sfwd-lms] < 4.10.2
  • LearnDash LMS [sfwd-lms] < 4.10.2
  • LearnDash LMS [sfwd-lms] < 4.10.3
  • CVE-2024-1210 — LearnDash LMS [sfwd-lms] < 4.10.2 (CWE-200) · Medium
  • CVE-2024-1209 — LearnDash LMS [sfwd-lms] < 4.10.2 (CWE-200) · Medium
  • CVE-2024-1208 — LearnDash LMS [sfwd-lms] < 4.10.3 (CWE-200) · Medium
  • CVE-2025-24662 — LearnDash LMS [sfwd-lms] < 4.20.0.3 (Missing Authorization) · Medium
  • CVE-2026-3079 — LearnDash LMS [sfwd-lms] < 5.0.3.1

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.