PLUGIN SECURITY
Is Sfwd Lms safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Sfwd Lms WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
sfwd-lms
Known vulnerabilities
- CVE-2018-25019 — LearnDash LMS [sfwd-lms] < 2.5.4 (Unrestricted File Upload) · High
- CVE-2020-6009 — LearnDash LMS [sfwd-lms] < 3.1.6 (SQL Injection) · Critical
- CVE-2020-7108 — LearnDash LMS [sfwd-lms] < 3.1.2 (XSS) · Medium
- CVE-2023-28777 — LearnDash LMS [sfwd-lms] < 4.5.3.1 (SQL Injection) · High
- CVE-2023-3105 — LearnDash LMS [sfwd-lms] < 4.6.0.1 (CWE-639) · High
+ 8 more known vulnerabilities
- LearnDash LMS [sfwd-lms] < 4.10.2
- LearnDash LMS [sfwd-lms] < 4.10.2
- LearnDash LMS [sfwd-lms] < 4.10.3
- CVE-2024-1210 — LearnDash LMS [sfwd-lms] < 4.10.2 (CWE-200) · Medium
- CVE-2024-1209 — LearnDash LMS [sfwd-lms] < 4.10.2 (CWE-200) · Medium
- CVE-2024-1208 — LearnDash LMS [sfwd-lms] < 4.10.3 (CWE-200) · Medium
- CVE-2025-24662 — LearnDash LMS [sfwd-lms] < 4.20.0.3 (Missing Authorization) · Medium
- CVE-2026-3079 — LearnDash LMS [sfwd-lms] < 5.0.3.1
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.