Institute Management – Learning Management System Security & Risk Analysis

wordpress.org/plugins/institute-management

Institute Management is a comprehensive plugin to manage institute related activities such as courses, batches, enquiries, registrations, fees, studen …

100 active installs · v5.6 · PHP + · WP + · Updated Feb 23, 2026
Tags: course-management, fees-management, institute-management, lms, student-management
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Feb 18, 2026
Safety Verdict

Is Institute Management – Learning Management System Safe to Use in 2026?

Mostly Safe

Score 78/100

Institute Management – Learning Management System is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Feb 18, 2026 · Updated 2mo ago
Risk Assessment

The "institute-management" plugin v5.6 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in output escaping and avoids dangerous functions, file operations, and external HTTP requests. The absence of known CVEs and a clean vulnerability history suggest a generally well-maintained codebase over time. However, a significant concern arises from its attack surface, with 36 out of 37 entry points being unprotected AJAX handlers. While nonce checks are present for all these handlers, the complete lack of capability checks on these critical entry points presents a substantial risk. This means that any authenticated user, regardless of their role or permissions, could potentially trigger these AJAX actions, opening the door to unauthorized operations if those actions are not inherently secured by other means.

The taint analysis reveals no unsanitized paths, which is excellent. The SQL query practices are also moderately good, with nearly half using prepared statements, though there's room for improvement. The primary weakness lies in the unprotected AJAX handlers, which represent a large potential attack vector. Without proper capability checks on these handlers, the plugin relies solely on nonces for basic security, which is insufficient against malicious authenticated users. The large number of AJAX handlers, coupled with the lack of authorization checks, is the most pressing security concern identified.

In conclusion, while the plugin shows strength in several areas like output escaping and lack of known vulnerabilities, the extensive unprotected AJAX endpoints significantly undermine its overall security. The presence of nonces is a good starting point, but the absence of capability checks on such a large portion of the attack surface is a critical oversight that needs immediate attention. Addressing these unprotected AJAX handlers with appropriate capability checks would drastically improve the plugin's security.

Key Concerns

  • 36 unprotected AJAX handlers
  • 47% of SQL queries use prepared statements
Vulnerabilities
1 published

Institute Management – Learning Management System Security Vulnerabilities

CVEs by Year

2026: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-2714 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

Feb 18, 2026 · Unpatched
Version History

Institute Management – Learning Management System Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Institute Management – Learning Management System Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 59 · 52 prepared
Unescaped Output: 20 · 440 escaped
Nonce Checks: 36
Capability Checks: 14
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

47% prepared · 111 total queries

Output Escaping

96% escaped · 460 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

13 flows
fetch_administrator (admin\inc\controllers\WL_IM_Administrator.php:103)
Attack Surface
36 unprotected

Institute Management – Learning Management System Attack Surface

Entry Points: 37
Unprotected: 36

AJAX Handlers 36

auth · wp_ajax_wl-im-get-administrator-data · admin\admin.php:20
auth · wp_ajax_wl-im-add-administrator · admin\admin.php:21
auth · wp_ajax_wl-im-fetch-administrator · admin\admin.php:22
auth · wp_ajax_wl-im-update-administrator · admin\admin.php:23
auth · wp_ajax_wl-im-get-course-data · admin\admin.php:26
auth · wp_ajax_wl-im-add-course · admin\admin.php:27
auth · wp_ajax_wl-im-fetch-course · admin\admin.php:28
auth · wp_ajax_wl-im-update-course · admin\admin.php:29
auth · wp_ajax_wl-im-delete-course · admin\admin.php:30
auth · wp_ajax_wl-im-get-batch-data · admin\admin.php:33
auth · wp_ajax_wl-im-add-batch · admin\admin.php:34
auth · wp_ajax_wl-im-fetch-batch · admin\admin.php:35
auth · wp_ajax_wl-im-update-batch · admin\admin.php:36
auth · wp_ajax_wl-im-delete-batch · admin\admin.php:37
auth · wp_ajax_wl-im-get-enquiry-data · admin\admin.php:40
auth · wp_ajax_wl-im-add-enquiry · admin\admin.php:41
auth · wp_ajax_wl-im-fetch-enquiry · admin\admin.php:42
auth · wp_ajax_wl-im-update-enquiry · admin\admin.php:43
auth · wp_ajax_wl-im-delete-enquiry · admin\admin.php:44
auth · wp_ajax_wl-im-get-student-data · admin\admin.php:47
auth · wp_ajax_wl-im-add-student · admin\admin.php:48
auth · wp_ajax_wl-im-fetch-student · admin\admin.php:49
auth · wp_ajax_wl-im-update-student · admin\admin.php:50
auth · wp_ajax_wl-im-delete-student · admin\admin.php:51
auth · wp_ajax_wl-im-add-student-fetch-course-batches · admin\admin.php:52
auth · wp_ajax_wl-im-add-student-fetch-course-update-batches · admin\admin.php:53
auth · wp_ajax_wl-im-add-student-fetch-enquiries · admin\admin.php:54
auth · wp_ajax_wl-im-add-student-fetch-enquiry · admin\admin.php:55
auth · wp_ajax_wl-im-add-student-fetch-fees-payable · admin\admin.php:56
auth · wp_ajax_wl-im-add-student-form · admin\admin.php:57
auth · wp_ajax_wl-im-get-installment-data · admin\admin.php:60
auth · wp_ajax_wl-im-add-installment · admin\admin.php:61
auth · wp_ajax_wl-im-fetch-installment · admin\admin.php:62
auth · wp_ajax_wl-im-update-installment · admin\admin.php:63
auth · wp_ajax_wl-im-delete-installment · admin\admin.php:64
auth · wp_ajax_wl-im-add-installment-fetch-fees · admin\admin.php:65

Shortcodes 1

[institute_enquiry_form] · public\public.php:12

WordPress Hooks 6

action · admin_menu · admin\admin.php:14
action · admin_init · admin\admin.php:17
action · plugins_loaded · public\public.php:8
action · wp_enqueue_scripts · public\public.php:10
action · admin_post_wl-im-add-enquiry · public\public.php:15
action · admin_post_nopriv_wl-im-add-enquiry · public\public.php:16
Maintenance & Trust

Institute Management – Learning Management System Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version
Downloads: 26K

Community Trust

Rating: 60/100
Number of ratings: 8
Active installs: 100
Developer Profile

Institute Management – Learning Management System Developer Profile

Weblizar - WordPress Themes & Plugin

26 plugins · 56K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 952 days
Detection Fingerprints

How We Detect Institute Management – Learning Management System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/institute-management/admin/css/mdb.lite.min.css
  • /wp-content/plugins/institute-management/admin/css/bootstrap.min.css
  • /wp-content/plugins/institute-management/admin/css/font-awesome.min.css
  • /wp-content/plugins/institute-management/admin/css/style.css
  • /wp-content/plugins/institute-management/admin/js/bootstrap.min.js
  • /wp-content/plugins/institute-management/admin/js/mdb.min.js
  • /wp-content/plugins/institute-management/admin/js/custom.js
  • /wp-content/plugins/institute-management/admin/js/datatable.js
  • +2 more

Script Paths

  • /wp-content/plugins/institute-management/admin/js/bootstrap.min.js
  • /wp-content/plugins/institute-management/admin/js/mdb.min.js
  • /wp-content/plugins/institute-management/admin/js/custom.js
  • /wp-content/plugins/institute-management/admin/js/datatable.js
  • /wp-content/plugins/institute-management/public/js/public.js

Version Parameters

  • institute-management/admin/css/mdb.lite.min.css?ver=
  • institute-management/admin/css/bootstrap.min.css?ver=
  • institute-management/admin/css/font-awesome.min.css?ver=
  • institute-management/admin/css/style.css?ver=
  • institute-management/admin/js/bootstrap.min.js?ver=
  • institute-management/admin/js/mdb.min.js?ver=
  • institute-management/admin/js/custom.js?ver=
  • institute-management/admin/js/datatable.js?ver=
  • institute-management/public/css/public.css?ver=
  • institute-management/public/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wl-im-dashboard-wrapper
  • wl-im-courses-wrapper
  • wl-im-batches-wrapper
  • wl-im-enquiries-wrapper
  • wl-im-students-wrapper
  • wl-im-fees-wrapper
  • wl-im-administrators-wrapper
  • wl-im-settings-wrapper

HTML Comments

  • <!-- Institute Management admin page -->
  • <!-- Enquiries admin page -->
  • <!-- Institute Management public page -->

Data Attributes

  • data-wl-im-section

JS Globals

  • WL_IM_PLUGIN_URL