WP-Safety

Mis Cursos LMS Security & Risk Analysis

wordpress.org/plugins/mis-cursos

Mis Cursos LMS is a simple LMS plugin that helps manage courses, users, embedded videos, file downloads. tests and certificates.

10 active installs v4.81 PHP 5.6+ WP 3.5+ Updated Mar 28, 2023
course-lessons-video-vimeo-paypal-elearning-lms-teaching-learning
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Mis Cursos LMS Safe to Use in 2026?

Generally Safe

Score 85/100

Mis Cursos LMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "mis-cursos" plugin v4.81 presents a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs, indicating a potentially well-maintained codebase in the past, the static analysis reveals several areas of concern. A significant portion of the code (50%) lacks proper output escaping, which could lead to cross-site scripting (XSS) vulnerabilities if attacker-controlled data reaches the output without sanitization. Furthermore, the taint analysis indicates a substantial number of flows with unsanitized paths, with 15 classified as high severity. This, combined with unprotected AJAX handlers, suggests potential pathways for attackers to inject malicious code or data. The presence of unprotected AJAX handlers is a direct entry point for potential exploits. The large number of SQL queries, while mostly prepared, still warrants attention given the potential for logic flaws or unintended consequences with many data interactions. The plugin's strength lies in its lack of known vulnerabilities and the good practice of using prepared statements for most SQL queries and implementing a decent number of capability checks. However, the identified issues with output escaping and unsanitized data flows, especially with high-severity taint flows, require immediate attention to mitigate potential security risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Output escaping is not properly implemented for 50%
Vulnerabilities
None known

Mis Cursos LMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Mis Cursos LMS Code Analysis

Dangerous Functions
0
Raw SQL Queries
37
144 prepared
Unescaped Output
549
548 escaped
Nonce Checks
23
Capability Checks
106
File Operations
24
External Requests
0
Bundled Libraries
1

Bundled Libraries

Stripe PHP

SQL Query Safety

80% prepared181 total queries

Output Escaping

50% escaped1097 total outputs
Data Flows
22 unsanitized

Data Flow Analysis

25 flows22 with unsanitized paths
mis_cursos_ficheros_upload (mis-cursos-ficheros.php:392)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Mis Cursos LMS Attack Surface

Entry Points38
Unprotected4

AJAX Handlers 21

authwp_ajax_mis_cursos_certificate_hookmis-cursos-certificates.php:11
noprivwp_ajax_mis_cursos_certificate_hookmis-cursos-certificates.php:12
authwp_ajax_mis_cursos_CuePoint_loadmis-cursos-cuepoints.php:254
authwp_ajax_mis_cursos_CuePoint_addmis-cursos-cuepoints.php:255
authwp_ajax_mis_cursos_CuePoint_delmis-cursos-cuepoints.php:256
authwp_ajax_mis_cursos_event_sendmis-cursos-events.php:338
authwp_ajax_mis_cursos_event_deletemis-cursos-events.php:367
noprivwp_ajax_mis_cursos_log_user_metamis-cursos-log.php:695
authwp_ajax_mis_cursos_log_user_metamis-cursos-log.php:696
authwp_ajax_mis_cursos_log_get_secondsmis-cursos-log.php:734
authwp_ajax_mis_cursos_video_logmis-cursos-log.php:793
noprivwp_ajax_mis_cursos_sales_itemmis-cursos-sales.php:180
authwp_ajax_mis_cursos_sales_itemmis-cursos-sales.php:181
noprivwp_ajax_mis_cursos_sales_listmis-cursos-sales.php:185
authwp_ajax_mis_cursos_sales_listmis-cursos-sales.php:186
noprivwp_ajax_mis_cursos_test_preguntamis-cursos-test-preguntas.php:126
authwp_ajax_mis_cursos_test_preguntamis-cursos-test-preguntas.php:127
noprivwp_ajax_mis_cursos_select_test_form_hookmis-cursos-test.php:376
authwp_ajax_mis_cursos_select_test_form_hookmis-cursos-test.php:377
authwp_ajax_mis_cursos_auditor_actionmis-cursos-users-auditor.php:33
authwp_ajax_mis_cursos_get_databasewindows.php:10

REST API Routes 5

GET/wp-json/mis_cursoscartcart.php:16
GET/wp-json/mis_cursoscartmis-cursos-stripe-cart.php:21
GET/wp-json/mis_cursoscheckout_sessionmis-cursos-stripe.php:133
GET/wp-json/mis_cursoscartstripe-cart.php:103
GET/wp-json/mis_cursoscheckout_sessionstripe-sessions.php:27

Shortcodes 12

[mis_cursos] mis-cursos-shortcode.php:27
[mis_cursos_no_logueado] mis-cursos-shortcode.php:92
[mis_cursos_logueado] mis-cursos-shortcode.php:100
[mis_cursos_promocion] mis-cursos-shortcode.php:108
[mis_cursos_fichero] mis-cursos-shortcode.php:116
[mis_cursos_videos] mis-cursos-shortcode.php:143
[mis_cursos_test] mis-cursos-shortcode.php:153
[mis_cursos_sales] mis-cursos-shortcode.php:185
[mis_cursos_stripe] mis-cursos-stripe.php:386
[mis_cursos_stripe_button] mis-cursos-stripe.php:387
[mis_cursos_stripe] stripe-sessions.php:298
[mis_cursos_stripe_button] stripe-sessions.php:299
WordPress Hooks 86
actionrest_api_initcart.php:14
actioninitcart.php:46
actionplugins_loadedcart.php:407
actionload-index.phpcursos.php:94
actionadmin_menucursos.php:96
actionwp_dashboard_setupcursos.php:122
filterlogin_redirectcursos.php:144
actionplugins_loadedcursos.php:279
actionwp_enqueue_scriptscursos.php:292
actionwp_enqueue_scriptscursos.php:312
filterscript_loader_tagcursos.php:316
filterstyle_loader_tagcursos.php:337
actionadmin_enqueue_scriptscursos.php:349
actionadmin_enqueue_scriptscursos.php:353
actionadmin_enqueue_scriptscursos.php:375
actionwp_enqueue_scriptscursos.php:394
actionadmin_enqueue_scriptscursos.php:401
actionplugins_loadedcursos.php:404
actioninitmis-cursos-certificates.php:322
actionload-post.phpmis-cursos-certificates.php:400
actionload-post-new.phpmis-cursos-certificates.php:401
actionadd_meta_boxesmis-cursos-certificates.php:406
actionsave_postmis-cursos-certificates.php:407
filterwp_mail_content_typemis-cursos-events.php:455
filterwp_mail_content_typemis-cursos-events.php:458
actionmis_cursos_eventmis-cursos-events.php:716
actionplugins_loadedmis-cursos-events.php:782
actionadmin_post_nopriv_mis_cursos_importa_hookmis-cursos-export.php:73
actionadmin_post_mis_cursos_importa_hookmis-cursos-export.php:74
actionadmin_post_nopriv_mis_cursos_exporta_hookmis-cursos-export.php:76
actionadmin_post_mis_cursos_exporta_hookmis-cursos-export.php:77
actionadmin_post_nopriv_mis_cursos_ficheros_hookmis-cursos-ficheros.php:40
actionadmin_post_mis_cursos_ficheros_hookmis-cursos-ficheros.php:41
filterupload_dirmis-cursos-ficheros.php:406
actioninitmis-cursos-ficheros.php:478
actionwp_logoutmis-cursos-ficheros.php:480
actionwp_loginmis-cursos-ficheros.php:482
actionplugins_loadedmis-cursos-ficheros.php:516
actionshow_user_profilemis-cursos-list-users.php:416
actionedit_user_profilemis-cursos-list-users.php:417
actionpersonal_options_updatemis-cursos-list-users.php:442
actionedit_user_profile_updatemis-cursos-list-users.php:443
actionwp_loginmis-cursos-list-users.php:456
actionwp_logoutmis-cursos-list-users.php:457
actionplugins_loadedmis-cursos-log.php:863
actionplugins_loadedmis-cursos-log.php:903
actionadmin_initmis-cursos-options.php:13
actionadmin_menumis-cursos-options.php:14
filterwp_privacy_personal_data_erasersmis-cursos-privacy.php:62
filterwp_privacy_personal_data_exportersmis-cursos-privacy.php:204
filterwp_mail_content_typemis-cursos-promocion.php:95
filterwp_mail_frommis-cursos-promocion.php:96
filterwp_mail_from_namemis-cursos-promocion.php:97
actionplugins_loadedmis-cursos-register.php:217
actionmis_cursos_stripe_paymentmis-cursos-sales.php:546
actionrest_api_initmis-cursos-stripe-cart.php:19
actioninitmis-cursos-stripe-cart.php:126
actionplugins_loadedmis-cursos-stripe-cart.php:465
actionrest_api_initmis-cursos-stripe.php:131
actionplugins_loadedmis-cursos-test-evaluar.php:233
actionplugins_loadedmis-cursos-test-preguntas.php:644
actionplugins_loadedmis-cursos-test.php:675
filtermanage_users_columnsmis-cursos-usuarios.php:42
actionmanage_users_custom_columnmis-cursos-usuarios.php:66
actiondelete_usermis-cursos-usuarios.php:362
filterwp_mail_content_typemis-cursos-usuarios.php:428
filterwp_mail_frommis-cursos-usuarios.php:429
filterwp_mail_from_namemis-cursos-usuarios.php:430
filterwp_mail_content_typemis-cursos-usuarios.php:432
filterwp_mail_content_typemis-cursos-usuarios.php:462
filterwp_mail_frommis-cursos-usuarios.php:463
filterwp_mail_from_namemis-cursos-usuarios.php:464
filterwp_mail_content_typemis-cursos-usuarios.php:466
actionplugins_loadedmis-cursos-videos-list.php:235
actionwpspc_paypal_ipn_processedmis-cursos-wp-simple-paypal.php:59
filterwp_mail_content_typemis-cursos-wp-simple-paypal.php:156
filterwp_mail_frommis-cursos-wp-simple-paypal.php:157
filterwp_mail_from_namemis-cursos-wp-simple-paypal.php:158
filterwp_mail_content_typemis-cursos-wp-simple-paypal.php:160
actionplugins_loadedstripe-cart-admin-page.php:115
actioninitstripe-cart.php:20
actionrest_api_initstripe-cart.php:101
actionrest_api_initstripe-sessions.php:25
actioninitstripe-sessions.php:199
actionwp_loadedstripe-sessions.php:212
actionplugins_loadedvideos.php:188

Scheduled Events 1

mis_cursos_event
Maintenance & Trust

Mis Cursos LMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedMar 28, 2023
PHP min version5.6
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Mis Cursos LMS Alternatives

No alternatives data available yet.

Developer Profile

Mis Cursos LMS Developer Profile

capbussat

3 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mis Cursos LMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mis-cursos/js/mis_cursos.js/wp-content/plugins/mis-cursos/js/mis_cursos.min.js/wp-content/plugins/mis-cursos/css/mis_cursos.css/wp-content/plugins/mis-cursos/css/mis_cursos.min.css
Script Paths
/wp-content/plugins/mis-cursos/js/mis_cursos.js/wp-content/plugins/mis-cursos/js/mis_cursos.min.js
Version Parameters
mis-cursos/js/mis_cursos.js?ver=mis-cursos/css/mis_cursos.css?ver=

HTML / DOM Fingerprints

CSS Classes
mis_cursos_course_title
Data Attributes
data-course-id
JS Globals
mis_cursos_data
Shortcode Output
[mis_cursos_display_courses][mis_cursos_login_form][mis_cursos_course_content]
FAQ

Frequently Asked Questions about Mis Cursos LMS