Filime

**Name of the Vulnerable Software and Affected Versions** Frappe Learning Management System versions 2.44.0 and below **Description** Frappe Learning Management System (LMS) allows unauthorized users to access details of unpublished courses through API endpoints. The system is designed to help users structure content. **Recommendations** Update to version 2.45.0 or later.

**Name of the Vulnerable Software and Affected Versions** Frappe Learning Management System versions prior to 2.44.0 **Description** A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email addresses, in batches. **Recommendations** Update to version 2.44.0 or later.

**Name of the Vulnerable Software and Affected Versions** Academy LMS versions n/a through 2.0.4 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. **Recommendations** For versions n/a through 2.0.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Cookie Law Info versions 1.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For WP Cookie Law Info versions 1.1 and earlier, update to a version that fixes this issue, as the current version is affected by Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tutor LMS versions n/a through 2.7.1 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in Themeum Tutor LMS. This vulnerability allows Path Traversal. **Recommendations** For Tutor LMS versions n/a through 2.7.1, update to a version later than 2.7.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YITH Custom Login versions 1.7.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For YITH Custom Login versions 1.7.0 and earlier, update to a version later than 1.7.0 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.