WP-Safety

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Security & Risk Analysis

wordpress.org/plugins/sikshya

Sikshya is free Learning management system (LMS) for WordPress. It helps to create course, lessons, quizzes, questions and answers for your online cou …

30 active installs v0.0.22 PHP 7.2+ WP 4.7+ Updated Dec 14, 2024
courseelearninglearning-management-systemlmsquizzes
91
A · Safe
CVEs total2
Unpatched0
Last CVEJan 4, 2025
Plugin page Download
Safety Verdict

Is Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Safe to Use in 2026?

Generally Safe

Score 91/100

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 4, 2025Updated 1yr ago
Risk Assessment

The sikshya plugin v0.0.22 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by implementing nonce checks and capability checks for its identified entry points. A significant portion of its SQL queries utilize prepared statements, and a majority of its output is properly escaped, suggesting an awareness of common web vulnerabilities. However, the taint analysis reveals a notable concern with a high number of flows containing unsanitized paths, with four classified as high severity. This indicates potential pathways for attackers to inject malicious input that is not adequately cleaned before being processed, which could lead to various security issues, including command injection or file path traversal if not properly handled by the surrounding code.

The vulnerability history, with two known medium severity CVEs related to Cross-site Scripting (XSS), further reinforces the concern around input sanitization. While there are currently no unpatched vulnerabilities, the pattern of XSS vulnerabilities suggests a recurring weakness in how user-supplied data is handled, particularly when rendered in web pages. The presence of these past vulnerabilities, even if patched, necessitates careful monitoring and a proactive approach to securing the handling of all inputs.

In conclusion, while the plugin has strengths in its use of prepared statements and output escaping, the taint analysis and historical vulnerability data point to significant risks related to unsanitized input. The high number of unsanitized paths and the history of XSS vulnerabilities are major red flags that require immediate attention to prevent potential exploitation. Further investigation into the identified high severity taint flows is crucial.

Key Concerns

  • High severity taint flows identified
  • Significant number of unsanitized paths
  • History of XSS vulnerabilities
  • SQL queries not using prepared statements
  • Output not properly escaped
Vulnerabilities
2

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-24630medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting

Jan 4, 2025 Patched in 0.0.22 (53d)
CVE-2024-12127medium · 6.1Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter

Dec 16, 2024 Patched in 0.0.22 (1d)
Code Analysis
Analyzed Mar 16, 2026

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Code Analysis

Dangerous Functions
0
Raw SQL Queries
19
79 prepared
Unescaped Output
360
1200 escaped
Nonce Checks
11
Capability Checks
14
File Operations
22
External Requests
5
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

81% prepared98 total queries

Output Escaping

77% escaped1560 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

9 flows7 with unsanitized paths
import_course (includes\class-sikshya-ajax.php:402)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 125
actionadmin_menuincludes\about\class-sikshya-about.php:25
actionadmin_enqueue_scriptsincludes\about\class-sikshya-about.php:26
filtersikshya_payment_gatewaysincludes\abstracts\abstract-sikshya-payment-gateways.php:30
filtersikshya_get_sections_payment-gatewaysincludes\abstracts\abstract-sikshya-payment-gateways.php:31
filtersikshya_get_settings_payment-gatewaysincludes\abstracts\abstract-sikshya-payment-gateways.php:32
actionadmin_enqueue_scriptsincludes\admin\class-sikshya-admin-assets.php:7
actionadmin_footerincludes\admin\class-sikshya-admin-assets.php:9
actionadmin_initincludes\admin\class-sikshya-admin-form-handler.php:7
actionadmin_menuincludes\admin\class-sikshya-admin-importer.php:8
actionadmin_enqueue_scriptsincludes\admin\class-sikshya-admin-importer.php:9
actionadmin_menuincludes\admin\class-sikshya-admin-menu.php:9
actionwp_loadedincludes\admin\class-sikshya-admin-menu.php:10
actioncurrent_screenincludes\admin\class-sikshya-admin-permalinks.php:36
actioninitincludes\admin\class-sikshya-admin.php:28
actionadmin_initincludes\admin\class-sikshya-admin.php:29
actioncurrent_screenincludes\admin\class-sikshya-admin.php:30
actioncheck_ajax_refererincludes\admin\class-sikshya-admin.php:31
filterdisplay_post_statesincludes\admin\class-sikshya-admin.php:32
actionmanage_posts_extra_tablenavincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:43
filterview_mode_post_typesincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:44
actionrestrict_manage_postsincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:45
filterrequestincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:46
filterpost_row_actionsincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:47
filterdefault_hidden_columnsincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:48
filterlist_table_primary_columnincludes\admin\list-tables\abstract-class-sikshya-admin-list-table.php:49
filtersikshya_settings_tabs_arrayincludes\admin\settings\class-sikshya-settings-base.php:41
actionadmin_menuincludes\admin\setup\class-sikshya-setup-wizard.php:16
actionadmin_initincludes\admin\setup\class-sikshya-setup-wizard.php:17
actionwp_enqueue_scriptsincludes\class-sikshya-assets.php:7
actionsikshya_flush_rewrite_rulesincludes\class-sikshya-custom-post-type.php:131
actionsikshya_after_register_post_typeincludes\class-sikshya-custom-post-type.php:132
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:7
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:8
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:9
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:10
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:11
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:12
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:13
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:14
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:15
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:16
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:17
actiontemplate_redirectincludes\class-sikshya-frontend-form-handler.php:18
actioninitincludes\class-sikshya-install.php:30
filterquery_varsincludes\class-sikshya-permalink-manager.php:7
actiongenerate_rewrite_rulesincludes\class-sikshya-permalink-manager.php:8
actionsikshya_flush_rewrite_rulesincludes\class-sikshya-permalink-manager.php:9
actionsikshya_after_register_post_typeincludes\class-sikshya-permalink-manager.php:10
filterpost_type_linkincludes\class-sikshya-permalink-manager.php:11
actionrest_api_initincludes\class-sikshya-rest-server.php:74
actionwidgets_initincludes\class-sikshya-widgets.php:9
actionplugins_loadedincludes\class-sikshya.php:245
actionafter_setup_themeincludes\class-sikshya.php:246
actionafter_setup_themeincludes\class-sikshya.php:247
actioninitincludes\class-sikshya.php:248
actioninitincludes\class-sikshya.php:249
actioninitincludes\class-sikshya.php:250
filteruse_block_editor_for_post_typeincludes\custom-post-type\class-sikshya-custom-post-type-course.php:119
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-course.php:120
filterpost_updated_messagesincludes\custom-post-type\class-sikshya-custom-post-type-course.php:121
filteruse_block_editor_for_post_typeincludes\custom-post-type\class-sikshya-custom-post-type-lesson.php:71
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-lesson.php:73
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-order.php:78
filteruse_block_editor_for_post_typeincludes\custom-post-type\class-sikshya-custom-post-type-question.php:113
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-question.php:115
filterpost_updated_messagesincludes\custom-post-type\class-sikshya-custom-post-type-question.php:116
filteruse_block_editor_for_post_typeincludes\custom-post-type\class-sikshya-custom-post-type-quiz.php:67
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-quiz.php:69
filteruse_block_editor_for_post_typeincludes\custom-post-type\class-sikshya-custom-post-type-section.php:45
actioninitincludes\custom-post-type\class-sikshya-custom-post-type-section.php:47
actionsikshya_lesson_content_areaincludes\hooks\class-sikshya-lesson-hooks.php:8
actionsikshya_lesson_sidebar_areaincludes\hooks\class-sikshya-lesson-hooks.php:9
actionsikshya_lesson_content_top_barincludes\hooks\class-sikshya-lesson-hooks.php:10
actionsikshya_lesson_content_after_top_barincludes\hooks\class-sikshya-lesson-hooks.php:11
actionsikshya_lesson_navigation_areaincludes\hooks\class-sikshya-lesson-hooks.php:12
filtersikshya_register_log_handlersincludes\hooks\class-sikshya-log-handler-hooks.php:8
actioninitincludes\hooks\class-sikshya-misc-hooks.php:8
actionsikshya_after_place_orderincludes\hooks\class-sikshya-order-hooks.php:8
actionsikshya_after_order_status_changeincludes\hooks\class-sikshya-order-hooks.php:9
actionsikshya_after_quiz_contentincludes\hooks\class-sikshya-quiz-hooks.php:8
actionsikshya_quiz_question_answerincludes\hooks\class-sikshya-quiz-question-answer-hooks.php:8
actionsikshya_before_registration_formincludes\hooks\class-sikshya-template-hooks.php:8
actionsikshya_before_update_profile_formincludes\hooks\class-sikshya-template-hooks.php:9
actionsikshya_before_login_formincludes\hooks\class-sikshya-template-hooks.php:10
actionsikshya_before_single_course_curriculum_boxincludes\hooks\class-sikshya-template-hooks.php:11
actionsikshya_before_cart_tableincludes\hooks\class-sikshya-template-hooks.php:12
actionsikshya_before_checkout_formincludes\hooks\class-sikshya-template-hooks.php:13
actionsikshya_account_page_sidebarincludes\hooks\class-sikshya-template-hooks.php:14
actionsikshya_account_page_contentincludes\hooks\class-sikshya-template-hooks.php:15
actionsikshya_account_content_itemincludes\hooks\class-sikshya-template-hooks.php:16
actionsikshya_course_single_contentincludes\hooks\class-sikshya-template-hooks.php:17
filteradmin_bar_menuincludes\hooks\class-sikshya-template-hooks.php:18
filtertemplate_includeincludes\hooks\class-sikshya-template-hooks.php:19
actionplugins_loadedincludes\log-handlers\class-sikshya-log-handler-file.php:50
actionadd_meta_boxesincludes\meta-boxes\class-sikshya-metabox-course.php:15
actionsikshya_course_metaboxesincludes\meta-boxes\class-sikshya-metabox-course.php:17
actionsikshya_course_tab_curriculumincludes\meta-boxes\class-sikshya-metabox-course.php:18
actionsikshya_course_tab_generalincludes\meta-boxes\class-sikshya-metabox-course.php:19
actionsikshya_course_tab_requirementsincludes\meta-boxes\class-sikshya-metabox-course.php:20
actionsikshya_course_tab_outcomesincludes\meta-boxes\class-sikshya-metabox-course.php:21
actionsikshya_course_tab_pricingincludes\meta-boxes\class-sikshya-metabox-course.php:22
actionsikshya_course_tab_mediaincludes\meta-boxes\class-sikshya-metabox-course.php:23
actionsikshya_course_curriculum_tab_beforeincludes\meta-boxes\class-sikshya-metabox-course.php:24
actionsikshya_course_curriculum_tab_lesson_quiz_templateincludes\meta-boxes\class-sikshya-metabox-course.php:25
actionsikshya_course_tab_othersincludes\meta-boxes\class-sikshya-metabox-course.php:26
actionedit_form_after_editorincludes\meta-boxes\class-sikshya-metabox-course.php:188
actionadd_meta_boxesincludes\meta-boxes\class-sikshya-metabox-lesson.php:12
actionedit_form_after_editorincludes\meta-boxes\class-sikshya-metabox-lesson.php:25
actionadd_meta_boxesincludes\meta-boxes\class-sikshya-metabox-question.php:11
actionsave_postincludes\meta-boxes\class-sikshya-metabox-question.php:12
actionedit_form_after_editorincludes\meta-boxes\class-sikshya-metabox-question.php:38
actionadd_meta_boxesincludes\meta-boxes\class-sikshya-metabox-quiz.php:11
actionsave_postincludes\meta-boxes\class-sikshya-metabox-quiz.php:12
actionedit_form_after_editorincludes\meta-boxes\class-sikshya-metabox-quiz.php:41
actionadd_meta_boxesincludes\meta-boxes\class-sikshya-metabox-section.php:12
actionsave_postincludes\meta-boxes\class-sikshya-metabox-section.php:13
actionadmin_enqueue_scriptsincludes\modules\status\class-sikshya-module-status.php:7
actionadmin_menuincludes\modules\status\class-sikshya-module-status.php:8
actionadmin_initincludes\modules\status\class-sikshya-module-status.php:9
actionsikshya_status_system_statusincludes\modules\status\class-sikshya-module-status.php:10
actionsikshya_status_logsincludes\modules\status\class-sikshya-module-status.php:11
actioninitincludes\payment-gateways\paypal\class-sikshya-payment-gateway-paypal.php:24
actionsikshya_verify_paypal_ipnincludes\payment-gateways\paypal\class-sikshya-payment-gateway-paypal.php:25
actioninitincludes\taxonomy\class-sikshya-taxonomy-course-category.php:9
actioninitincludes\taxonomy\class-sikshya-taxonomy-course-tag.php:9
Maintenance & Trust

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 14, 2024
PHP min version7.2
Downloads14K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Alternatives

Tutor LMS – eLearning and online course solution

Tutor LMS – eLearning and online course solution

tutor

B
75

A complete WordPress LMS plugin to create any eLearning website easily.

100K 60 CVEs
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

learnpress

B
76

A WordPress LMS Plugin to create WordPress Learning Management System. Turn your WordPress to LMS WordPress Website with Courses, Lessons, Quizzes &am &hellip;

80K 63 CVEs
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

lifterlms

B
75

Complete e-learning platform to sell online courses, protect lessons, offer memberships, and quiz students. WP Learning Management System.

10K 15 CVEs
MasterStudy LMS WordPress Plugin – for Online Courses and Education

MasterStudy LMS WordPress Plugin – for Online Courses and Education

masterstudy-lms-learning-management-system

B
76

Learning Management System and eLearning plugin for WordPress. Create easily LMS WordPress website, add and sell Courses, Lessons, Quizzes online.

10K 24 CVEs
Masteriyo LMS – Online Course Builder for eLearning, LMS & Education

Masteriyo LMS – Online Course Builder for eLearning, LMS & Education

learning-management-system

A
86

The complete WordPress LMS plugin for course creation & monetization. Create engaging courses, lessons, quizzes, assignments & certificates.

4K 10 CVEs
Developer Profile

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS Developer Profile

MantraBrain

11 plugins · 9K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
88 days
View full developer profile
Detection Fingerprints

How We Detect Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sikshya/assets/vendor/tab/js/sikshya-tab.js/wp-content/plugins/sikshya/assets/vendor/jbox/dist/jBox.all.min.js/wp-content/plugins/sikshya/assets/vendor/tab/css/sikshya-tab.css/wp-content/plugins/sikshya/assets/vendor/jbox/dist/jBox.all.min.css/wp-content/plugins/sikshya/includes/about/about.css
Script Paths
/wp-content/plugins/sikshya/assets/vendor/tab/js/sikshya-tab.js/wp-content/plugins/sikshya/assets/vendor/jbox/dist/jBox.all.min.js
Version Parameters
sikshya-tab-js?ver=jbox-js?ver=sikshya-tab-css?ver=jbox-css?ver=sikshya-about-style?ver=

HTML / DOM Fingerprints

CSS Classes
sik-about-headersik-containersikshya-flexsik-product-titlesik-iconsik-versionsik-about-contentsik-about-content-item+1 more
Data Attributes
data-hook="sikshya-tab"
JS Globals
sikshya_print_js
Shortcode Output
[sikshya_registration][sikshya_account][sikshya_login]
FAQ

Frequently Asked Questions about Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS