Browse all 7 CVE security advisories affecting kodezen. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kodezen develops web application frameworks primarily used for building enterprise solutions, with its products enabling rapid development of business applications. Historically, the framework has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its seven recorded CVEs. Security researchers have identified consistent input validation weaknesses and insecure default configurations in its components. While no major public security incidents have been documented, the accumulation of CVEs suggests ongoing challenges in secure coding practices, particularly regarding sanitization of user-supplied data and access control mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15521 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-639 | 9.8 | Critical | 2026-01-21 |
| CVE-2025-12099 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-502 | 7.2 | High | 2025-11-08 |
| CVE-2024-1505 | Academy LMS – eLearning and online course solution for WordPress <= 1.9.19 - Authenticated (Subscriber+) Privilege Escalation — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-269 | 8.8 | High | 2024-03-13 |
This page lists every published CVE security advisory associated with kodezen. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.