Dokeos LMS Security & Risk Analysis

wordpress.org/plugins/dokeos

Import your Dokeos trainings in your WooCommerce store. Once your credentials are validated, you’ll be able to create links between your WooCommerce p …

10 active installs · v0.7.4 · PHP 7.4+ · WP 0.5+ · Updated Nov 7, 2025
Tags: dokeos, formation, lms, sell-training, woocommerce-trainings
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dokeos LMS Safe to Use in 2026?

Generally Safe

Score 100/100

Dokeos LMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The 'dokeos' plugin version 0.7.4 exhibits a concerning security posture primarily due to its unprotected attack surface. With two identified AJAX handlers and neither possessing authentication checks, there's a significant risk of unauthorized actions being performed if an attacker can trigger these handlers. This lack of basic security controls is a critical weakness, despite the absence of known vulnerabilities in its history. The plugin also demonstrates a lack of nonces and capability checks, further exacerbating the risk associated with the unprotected AJAX endpoints. While the use of prepared statements for SQL queries and the majority of output escaping are positive signs of good coding practices, they are overshadowed by the critical entry point vulnerabilities.

The static analysis reveals two unsanitized path taint flows, which, while not classified as critical or high severity in this instance, are still a point of concern. This suggests a potential for unintended file access or manipulation if these paths are exposed to user input. The plugin also makes a relatively high number of external HTTP requests (8), which, without further analysis of their purpose and security, could represent a potential attack vector if those external services are compromised or if the plugin's communication with them is insecure.

The complete absence of recorded vulnerabilities, including CVEs, is a positive aspect, suggesting a history of relative stability. However, this could also be an indicator that the plugin has not been thoroughly audited or that vulnerabilities have simply not been publicly disclosed or discovered. Given the critical nature of the unprotected AJAX handlers and the lack of essential security checks like nonces and capability checks, the plugin's overall security is weak and requires immediate attention to mitigate potential exploitation.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without nonce checks
  • Entry points without capability checks
  • Flows with unsanitized paths
  • Unescaped output identified
Vulnerabilities
None known

Dokeos LMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Dokeos LMS Release Timeline

v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Code Analysis
Analyzed Mar 16, 2026

Dokeos LMS Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 8 (20 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

71% escaped · 28 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
dwc_handle_direct_renew_subscription_action (inc\functions.php:978)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Dokeos LMS Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_dwc_relaunch_hook_action · inc\functions.php:956
auth · wp_ajax_dwc_renew_subscription_action · inc\functions.php:977
WordPress Hooks 15
action · admin_enqueue_scripts · inc\functions.php:17
action · plugins_loaded · inc\functions.php:325
action · woocommerce_payment_complete · inc\functions.php:619
action · woocommerce_order_status_completed · inc\functions.php:620
action · woocommerce_order_status_processing · inc\functions.php:621
action · woocommerce_subscription_renewal_payment_complete · inc\functions.php:622
action · admin_init · inc\functions.php:652
action · admin_menu · inc\functions.php:654
action · admin_notices · inc\functions.php:666
action · woocommerce_account_dashboard · inc\functions.php:685
action · woocommerce_subscription_renewal_payment_complete · inc\functions.php:899
action · woocommerce_renewal_order_payment_complete · inc\functions.php:901
action · wcs_renewal_order_created · inc\functions.php:903
action · add_meta_boxes · inc\functions.php:909
action · plugins_loaded · inc\init.php:3
Maintenance & Trust

Dokeos LMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Nov 7, 2025
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Dokeos LMS Developer Profile

dokeos

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dokeos LMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dokeos/style/style.css

HTML / DOM Fingerprints

CSS Classes
dwc_table
HTML Comments
NOTE Message si WooCommerce non-activé
NOTE Enregistrement de l'option "Licence"
NOTE Enregistrement de la page des options
NOTE Fonction logs
+4 more
Data Attributes
data-dokeos-debug-process
data-dokeos-debug-userexists
data-dokeos-debug-createuser
data-dokeos-debug-participation
data-dwc-logs
REST Endpoints
/public_api/trainings
FAQ

Frequently Asked Questions about Dokeos LMS