VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 10 known issues Latest disclosed Feb 24, 2025

Namaste! LMS Vulnerabilities

Review known vulnerability records for the WordPress plugin Namaste! LMS (`namaste-lms`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-27353, CVE-2024-53809 and CVE-2024-50407, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
10
High or Critical
1
Patch Coverage
100%
Last Updated
Mar 03, 2025
Priority CVE Quick Links

Fast paths into Namaste! LMS CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
10
CVE-2024-50408 High 2.6.4
CVE-2024-50408 Namaste! LMS Vulnerability

Namaste! LMS <= 2.6.3 - Authenticated (Subscriber+) PHP Object Injection

CVE-2024-50409 Medium 2.6.3
CVE-2024-50409 Namaste! LMS Stored Cross-Site Scripting

Namaste! LMS <= 2.6.2 - Authenticated (Student+) Stored Cross-Site Scripting

CVE-2024-50410 Medium 2.6.4.1
CVE-2024-50410 Namaste! LMS Stored Cross-Site Scripting

Namaste! LMS <= 2.6.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE-2024-50407 Medium 2.6.3
CVE-2024-50407 Namaste! LMS Cross-Site Scripting

Namaste! LMS <= 2.6.2 - Reflected Cross-Site Scripting

CVE-2023-4602 Medium 2.6.1.2
CVE-2023-4602 Namaste! LMS Cross-Site Scripting

Namaste! LMS <= 2.6.1.1 - Reflected Cross-Site Scripting

CVE-2023-0844 Medium 2.6
CVE-2023-0844 Namaste! LMS Stored Cross-Site Scripting

Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters

CVE-2023-0548 Medium 2.5.9.4
CVE-2023-0548 Namaste! LMS Stored Cross-Site Scripting

Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2023-24383 Medium 2.5.9.2
CVE-2023-24383 Namaste! LMS Stored Cross-Site Scripting

Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Namaste! LMS so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-27353, CVE-2024-53809 and CVE-2024-50407
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Namaste! LMS

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-27353
CVE-2025-27353: Namaste! LMS <= 2.6.5 - Cross-Site Request Forgery

The Namaste! LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized actio...

Published
Feb 24, 2025
Patched Release
Not published
Affected Versions
Versions up to 2.6.5
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-27353 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-53809
CVE-2024-53809: Namaste! LMS <= 2.6.4.1 - Cross-Site Request Forgery

The Namaste! LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...

Published
Dec 02, 2024
Patched Release
2.6.5
Affected Versions
Versions up to 2.6.4.1
Next Step
Update to 2.6.5 or newer if supported.
Open CVE-2024-53809 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-50407
CVE-2024-50407: Namaste! LMS <= 2.6.2 - Reflected Cross-Site Scripting

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa...

Published
Oct 24, 2024
Patched Release
2.6.3
Affected Versions
Versions up to 2.6.2
Next Step
Update to 2.6.3 or newer if supported.
Open CVE-2024-50407 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-50408
CVE-2024-50408: Namaste! LMS <= 2.6.3 - Authenticated (Subscriber+) PHP Object Injection

The Namaste! LMS plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known...

Published
Oct 24, 2024
Patched Release
2.6.4
Affected Versions
Versions up to 2.6.3
Next Step
Update to 2.6.4 or newer if supported.
Open CVE-2024-50408 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-50409
CVE-2024-50409: Namaste! LMS <= 2.6.2 - Authenticated (Student+) Stored Cross-Site Scripting

The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to injec...

Published
Oct 24, 2024
Patched Release
2.6.3
Affected Versions
Versions up to 2.6.2
Next Step
Update to 2.6.3 or newer if supported.
Open CVE-2024-50409 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-50410
CVE-2024-50410: Namaste! LMS <= 2.6.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to in...

Published
Oct 24, 2024
Patched Release
2.6.4.1
Affected Versions
Versions up to 2.6.4
Next Step
Update to 2.6.4.1 or newer if supported.
Open CVE-2024-50410 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4602
CVE-2023-4602: Namaste! LMS <= 2.6.1.1 - Reflected Cross-Site Scripting

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Published
Nov 14, 2023
Patched Release
2.6.1.2
Affected Versions
Versions up to 2.6.1.1
Next Step
Update to 2.6.1.2 or newer if supported.
Open CVE-2023-4602 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-0844
CVE-2023-0844: Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters

The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accept_other_payment_methods', 'other_payment_methods' parameters in versions up to 2.5.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authentic...

Published
Mar 03, 2023
Patched Release
2.6
Affected Versions
Versions up to 2.5.9.9
Next Step
Update to 2.6 or newer if supported.
Open CVE-2023-0844 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-0548
CVE-2023-0548: Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Namaste! LMS for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.5.9.3 due to insufficient input sanitization and output escaping on the currency setting value. This makes it possible for authenticated attackers, w...

Published
Jan 31, 2023
Patched Release
2.5.9.4
Affected Versions
Versions up to 2.5.9.3
Next Step
Update to 2.5.9.4 or newer if supported.
Open CVE-2023-0548 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-24383
CVE-2023-24383: Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Namaste! LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Certificate Title value in versions up to, and including, 2.5.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admini...

Published
Jan 27, 2023
Patched Release
2.5.9.2
Affected Versions
Versions before 2.5.9.2
Next Step
Update to 2.5.9.2 or newer if supported.
Open CVE-2023-24383 Report Open CVE Reference