CVE-2025-12098

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9

Description The Academy LMS – WordPress LMS Plugin for WordPress is susceptible to sensitive information disclosure. Specifically, the enqueue social login script function can allow unauthenticated attackers to extract sensitive data, including the Facebook App Secret, if Facebook Social Login is enabled.

Recommendations Update to version 3.3.9 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-12098

Affected Products

Academy Lms

Facebook

CVE-2025-12098

Weakness Enumeration

Related Identifiers

Affected Products

References · 7