CVE-2025-12098 - Academy LMS Pro <= 3.3.8 - unauthenticated sensitive information exposure via 'e...

CVE ID : CVE-2025-12098 Published : Nov. 8, 2025, 9:15 a.m. | 26 minutes ago Description : The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible for unauthenticated attackers to extract sensitive data including the Facebook App Secret if Facebook Social Login is enabled. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...