WP-Safety

Training – Courses Security & Risk Analysis

wordpress.org/plugins/training

This Training Plugin can be used to easily create courses online. Each course curriculum can be made with modules, lessons and exercises.

20 active installs v2.0.1 PHP + WP 4.5+ Updated Unknown
e-learningonline-coursesonline-training-lmstrainingwordpress
77
B · Generally Safe
CVEs total1
Unpatched1
Last CVEOct 30, 2024
Plugin page Download
Safety Verdict

Is Training – Courses Safe to Use in 2026?

Mostly Safe

Score 77/100

Training – Courses is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Oct 30, 2024
Risk Assessment

The "training" v2.0.1 plugin exhibits a mixed security posture. While it demonstrates good practices like utilizing prepared statements for a high percentage of its SQL queries and includes nonce and capability checks, significant concerns arise from the static analysis. The presence of 13 dangerous function calls, notably 'unserialize', combined with 19 analyzed taint flows where all paths lead to unsanitized output, including 17 of high severity, indicates a substantial risk of code injection or manipulation vulnerabilities. The high percentage of unsanitized paths in the taint analysis is particularly alarming and suggests potential security weaknesses that could be exploited to execute arbitrary code or compromise data integrity.

The plugin's vulnerability history further exacerbates these concerns. With one known high-severity CVE that remains unpatched, and a history of 'Unrestricted Upload of File with Dangerous Type' vulnerabilities, there's a clear pattern of exploitable weaknesses. This suggests a recurring issue with how the plugin handles user-supplied input or file uploads, leaving it susceptible to malicious actors. While the limited attack surface of two shortcodes as entry points is positive, the underlying code quality and the unresolved high-severity vulnerability present a significant risk that should not be overlooked. Further investigation into the specific 'unserialize' usage and the high-severity taint flows is strongly recommended.

Key Concerns

  • Unpatched high severity CVE
  • High severity taint flows found
  • All taint flows have unsanitized paths
  • Dangerous function 'unserialize' used
  • Low percentage of properly escaped output
  • Bundled library DataTables
Vulnerabilities
1

Training – Courses Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched
2024
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2024-50529high · 8.8Unrestricted Upload of File with Dangerous Type

Training – Courses <= 2.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

Oct 30, 2024Unpatched
Code Analysis
Analyzed Mar 16, 2026

Training – Courses Code Analysis

Dangerous Functions
13
Raw SQL Queries
52
548 prepared
Unescaped Output
568
244 escaped
Nonce Checks
1
Capability Checks
1
File Operations
3
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$links = unserialize($project_data->links);library\training-lib.php:1371
unserialize$doc_files = unserialize($project_data->doc_files);library\training-lib.php:1372
unserialize$existing_links = unserialize($resourc_data->links);library\training-lib.php:1449
unserialize$existing_medias = unserialize($resourc_data->doc_files);library\training-lib.php:1458
unserialize$links = unserialize($slct_links->links);library\training-lib.php:1862
unserialize$doc_fls = unserialize($slct_links->doc_files);library\training-lib.php:1881
unserialize$links = unserialize($slct_links->doc_files);library\training-lib.php:1974
unserialize$doc_fls = unserialize($slct_links->links);library\training-lib.php:1993
unserialize$links = unserialize($links);library\training-lib.php:2064
unserialize$docfiles = unserialize($proj_links->doc_files);library\training-lib.php:2075
unserialize$projlinks = unserialize($proj_links->links);views\common.php:177
unserialize$image_arr = unserialize($value->doc_files);views\course_data.php:56
unserialize$link_arr = unserialize($value->links);views\course_data.php:57

Bundled Libraries

DataTables

SQL Query Safety

91% prepared600 total queries

Output Escaping

30% escaped812 total outputs
Data Flows
19 unsanitized

Data Flow Analysis

19 flows19 with unsanitized paths
<fron_lesson_detail> (views\fron_lesson_detail.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Training – Courses Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[all_courses] inc\tr-functions.php:39
[course_detail] inc\tr-functions.php:46
WordPress Hooks 11
actionadmin_initinc\tr-functions.php:17
filterpage_templateinc\tr-functions.php:48
actionadmin_bar_menuinc\tr-functions.php:150
actionadmin_enqueue_scriptsinc\tr-scripts.php:57
actionadmin_headinc\tr-scripts.php:64
actionwp_enqueue_scriptsinc\tr-scripts.php:70
actionwp_headinc\tr-scripts.php:77
actioninitinc\tr-scripts.php:81
actionadmin_menuwp-training.php:33
actionwp_headwp-training.php:49
actionadmin_headwp-training.php:51
Maintenance & Trust

Training – Courses Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedUnknown
PHP min version
Downloads6K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Training – Courses Alternatives

Fox LMS – eLearning & Course Builder

Fox LMS – eLearning & Course Builder

fox-lms

A
94

Easily create online courses, lessons, and quizzes for your WordPress LMS website with this simple eLearning plugin for WordPress.

60 1 CVE
WP Learn Manager

WP Learn Manager

learn-manager

B
84

WP Learn Manager is the most comprehensive, extensive, and feature-rich WordPress LMS plugin.

10 2 CVEs
MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin

MemberWunder LMS – Learning Management System – Ein WordPress e-Learning Plugin

memberwunder

A
85

Ein WordPress e-Learning (LMS) Plugin, um sogenannte WordPress Learning Management Systeme zu erstellen mit anpassbaren Designs und sofort einsetzbare &hellip;

10 No CVEs
TrainingPress

TrainingPress

trainingpress

A
92

TrainingPress Plugin can be used to easily create & sell courses online. Each course curriculum can be made with modules, chapters and exercises.

0 No CVEs
All-in-One WP Migration and Backup

All-in-One WP Migration and Backup

all-in-one-wp-migration

A
90

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs
Developer Profile

Training – Courses Developer Profile

rudrainn

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Training – Courses

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/training/assets/js/jquery.validate.js/wp-content/plugins/training/assets/js/jquery.visible.min.js/wp-content/plugins/training/assets/js/jquery.dataTables.js/wp-content/plugins/training/assets/js/script.js/wp-content/plugins/training/assets/css/style.css/wp-content/plugins/training/assets/css/jquery.dataTables.css/wp-content/plugins/training/assets/css/font-awesome.min.css
Script Paths
/wp-content/plugins/training/assets/js/jquery.validate.js/wp-content/plugins/training/assets/js/jquery.visible.min.js/wp-content/plugins/training/assets/js/jquery.dataTables.js/wp-content/plugins/training/assets/js/script.js
Version Parameters
training/assets/js/jquery.validate.js?ver=training/assets/js/script.js?ver=training/assets/css/style.css?ver=

HTML / DOM Fingerprints

JS Globals
notification_timeoutnotification_timeout_ishowisLesson_detailPagetrdatartr_script_data
Shortcode Output
[all_courses][course_detail]
FAQ

Frequently Asked Questions about Training – Courses