Does LMSACE Connect – WooCommerce Moodle™ LMS Integration have any unpatched vulnerabilities?

Yes — LMSACE Connect – WooCommerce Moodle™ LMS Integration currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is LMSACE Connect – WooCommerce Moodle™ LMS Integration compatible with WordPress 6.8.5?

According to WordPress.org data, LMSACE Connect – WooCommerce Moodle™ LMS Integration 3.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is LMSACE Connect – WooCommerce Moodle™ LMS Integration compatible with PHP 5.6+?

LMSACE Connect – WooCommerce Moodle™ LMS Integration requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is LMSACE Connect – WooCommerce Moodle™ LMS Integration's security score?

LMSACE Connect – WooCommerce Moodle™ LMS Integration has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LMSACE Connect – WooCommerce Moodle™ LMS Integration Security & Risk Analysis

wordpress.org/plugins/lmsace-connect

LMSACE Connect plugin connects the popular Moodle™ LMS with woocommerce. LMSACE Connect will help the course creators to sell their courses on WordPre …

300 active installs v3.4 PHP 5.6+ WP 4.6+ Updated May 28, 2025

laconnmoodlemoodle-woocommerce-integrationwoocommercewoocommerce-moodle-integration

B · Generally Safe

CVEs total1

Unpatched1

Last CVEJul 4, 2025

Plugin page Download

Safety Verdict

Is LMSACE Connect – WooCommerce Moodle™ LMS Integration Safe to Use in 2026?

Mostly Safe

Score 78/100

LMSACE Connect – WooCommerce Moodle™ LMS Integration is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jul 4, 2025Updated 10mo ago

Risk Assessment

The lmsace-connect plugin v3.4 exhibits a mixed security posture. While a high percentage of output is properly escaped and there are no identified dangerous functions or critical/high severity taint flows, significant concerns remain. The presence of unprotected AJAX handlers presents a direct attack vector, especially when combined with a lack of nonce checks and only a single capability check. The raw SQL query without prepared statements is a notable risk for SQL injection vulnerabilities. Furthermore, the plugin has a history of a medium severity vulnerability, specifically related to missing authorization, which is a recurring theme in its security record. The recent unpatched vulnerability (as of 2025-07-04) further exacerbates these concerns, indicating a potential for ongoing security weaknesses. In conclusion, while some security best practices are followed, the unprotected entry points, raw SQL, and history of authorization issues, coupled with an unpatched vulnerability, point to a moderate to high risk profile.

Key Concerns

2 AJAX handlers without auth checks
1 SQL query without prepared statements
0 Nonce checks on AJAX handlers
1 Unpatched medium severity CVE
History of missing authorization vulnerabilities

Vulnerabilities

LMSACE Connect – WooCommerce Moodle™ LMS Integration Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-29007medium · 4.3Missing Authorization

LMSACE Connect <= 3.4 - Missing Authorization

Jul 4, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

LMSACE Connect – WooCommerce Moodle™ LMS Integration Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

148 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

SQL Query Safety

0% prepared1 total queries

Output Escaping

91% escaped162 total outputs

Attack Surface

2 unprotected

LMSACE Connect – WooCommerce Moodle™ LMS Integration Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_lac_admin_clientincludes\admin\class-lac-admin.php:71

authwp_ajax_lac_user_enrollmentincludes\class-lac-woocom.php:54

Shortcodes 1

[lmsace_connect_summary] includes\class-lac-course.php:55

WordPress Hooks 34

actionadmin_menuincludes\admin\class-lac-admin.php:67

actionadmin_enqueue_scriptsincludes\admin\class-lac-admin.php:69

filterwoocommerce_product_data_tabsincludes\admin\class-lac-admin.php:74

filterwoocommerce_product_data_panelsincludes\admin\class-lac-admin.php:76

actionwoocommerce_process_product_meta_simpleincludes\admin\class-lac-admin.php:78

actionwoocommerce_process_product_meta_variableincludes\admin\class-lac-admin.php:79

filterlmsace_connect_course_import_serviceincludes\admin\class-lac-admin.php:82

filterlmsace_connect_before_course_updateincludes\admin\class-lac-admin.php:83

actionadmin_initincludes\admin\class-lac-admin.php:273

filtercron_schedulesincludes\class-lac-course.php:53

actionlac_import_courses_actionincludes\class-lac-course.php:54

actionwoocommerce_order_status_completedincludes\class-lac-woocom.php:44

actionwoocommerce_order_status_changedincludes\class-lac-woocom.php:46

actionadmin_noticesincludes\class-lac-woocom.php:50

actionadd_meta_boxesincludes\class-lac-woocom.php:52

filterwoocommerce_account_menu_itemsincludes\class-lac-woocom.php:56

actioninitincludes\class-lac-woocom.php:59

actionwoocommerce_account_mycourses_endpointincludes\class-lac-woocom.php:65

filterwoocommerce_quantity_input_argsincludes\class-lac-woocom.php:68

filterwoocommerce_add_to_cart_validationincludes\class-lac-woocom.php:70

actionwp_enqueue_scriptsincludes\class-lac-woocom.php:72

actionwp_footerincludes\class-lac-woocom.php:74

actionwoocommerce_loadedincludes\class-lac.php:153

actionadmin_noticesincludes\class-lac.php:154

actioninitincludes\class-lac.php:321

actionplugins_loadedlmsace-connect.php:38

actionbefore_woocommerce_initlmsace-connect.php:139

actionlmsace_connect_register_setting_fieldsmodules\sso\includes\admin\class-lacsso-admin.php:51

filterwp_loginmodules\sso\includes\class-lacsso-user.php:43

actionuser_registermodules\sso\includes\class-lacsso-user.php:45

filterlmsace_connect_courseurlmodules\sso\includes\class-lacsso-user.php:46

filterlmsace_connect_create_userdatamodules\sso\includes\class-lacsso-user.php:50

filterlmsace_connect_user_create_resultsmodules\sso\includes\class-lacsso-user.php:51

filterlmsace_connect_get_servicesmodules\sso\includes\class-lacsso.php:87

Scheduled Events 1

lac_import_courses_action

Maintenance & Trust

LMSACE Connect – WooCommerce Moodle™ LMS Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 28, 2025

PHP min version5.6

Downloads4K

Community Trust

Rating60/100

Number of ratings2

Active installs300

Alternatives

LMSACE Connect – WooCommerce Moodle™ LMS Integration Alternatives

Woo to Moodle

woo-to-moodle

This plugin will automatically enroll in Moodle customers who buy the course in WooCommerce.

20 No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Developer Profile

LMSACE Connect – WooCommerce Moodle™ LMS Integration Developer Profile

LMSACE

1 plugin · 300 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LMSACE Connect – WooCommerce Moodle™ LMS Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lmsace-connect/assets/css/select2.min.css/wp-content/plugins/lmsace-connect/assets/js/select2.min.js/wp-content/plugins/lmsace-connect/assets/css/jquery.dataTables.min.css/wp-content/plugins/lmsace-connect/assets/js/jquery.dataTables.min.js/wp-content/plugins/lmsace-connect/assets/js/dataTables.select.min.js/wp-content/plugins/lmsace-connect/assets/css/select.dataTables.min.css/wp-content/plugins/lmsace-connect/assets/css/styles.css/wp-content/plugins/lmsace-connect/assets/js/admin.js

Script Paths

/wp-content/plugins/lmsace-connect/assets/js/select2.min.js/wp-content/plugins/lmsace-connect/assets/js/jquery.dataTables.min.js/wp-content/plugins/lmsace-connect/assets/js/dataTables.select.min.js/wp-content/plugins/lmsace-connect/assets/js/admin.js

Version Parameters

lmsace-connect/assets/css/select2.min.css?ver=lmsace-connect/assets/js/select2.min.js?ver=lmsace-connect/assets/css/jquery.dataTables.min.css?ver=lmsace-connect/assets/js/jquery.dataTables.min.js?ver=lmsace-connect/assets/js/dataTables.select.min.js?ver=lmsace-connect/assets/css/select.dataTables.min.css?ver=lmsace-connect/assets/css/styles.css?ver=lmsace-connect/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

lmsace_connect_main_wrapperlac-connection-optionslac-general-optionslac-import-courseslac-admin-section-title

HTML Comments

Data Attributes

data-lmsace-connect-iddata-lac-nonce

JS Globals

LMSACE_CONNECTlac_admin_params

REST Endpoints

/wp-json/lmsace-connect/v1/courses/wp-json/lmsace-connect/v1/sync_course_settings

Shortcode Output

[lmsace_connect_course_display][lmsace_connect_enrollment_button][lmsace_connect_course_progress]

FAQ