CVE-2024-12127

Published December 17th, 2024

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Sikshya LMS – LMS Course Builder, Online Courses & eLearning

Sikshya LMS — WordPress learning management plugin for online courses, quizzes, Stripe/PayPal checkout, certificates, and learner dashboards on your domain. Sikshya LMS is a WordPress LMS (learning management system) for educators and creators who want students to enroll, learn, and pay without leaving the site. It installs like other WordPress plugins: you control hosting, data, and branding. The free core lets you launch a real course catalog, sell when you are ready, and upgrade to Sikshya Pro when you need automation and advanced add-ons. <h3>At a glance</h3> <ul> <li>Sell — Free or paid online courses with Stripe and PayPal, coupons, and orders via <a href="https://mantrabrain.com/plugins/sikshya-lms/features/native-checkout/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_native_checkout" rel="nofollow ugc">native checkout</a> in the free core.</li> <li>Teach — Visual <a href="https://mantrabrain.com/plugins/sikshya-lms/features/course-builder/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_course_builder" rel="nofollow ugc">course builder</a>, structured curriculum, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/video-text-lessons/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_video_text_lessons" rel="nofollow ugc">video & text lessons</a>, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/quizzes/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_quizzes" rel="nofollow ugc">quizzes & auto-grading</a>, assignments, and <a href="https://mantrabrain.com/plugins/sikshya-lms/features/basic-certificates/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_basic_certificates" rel="nofollow ugc">course certificates</a>.</li> <li>Support learners — Dashboards, progress, wishlist, and role-aware flows for instructors and staff.</li> </ul> <h3>Quick links</h3> 👉 <a href="https://sikshya.mantrabrain.com/docs/?utm_source=wporg&utm_medium=readme&utm_campaign=documentation" rel="nofollow ugc">Documentation</a> 👉 <a href="https://try.new/plugins/sikshya/" rel="nofollow ugc">Try Sikshya LMS Free</a> 👉 <a href="https://try.mantrabrain.com/try-sikshya-pro/" rel="nofollow ugc">Try Sikshya LMS Pro</a> 👉 <a href="https://mantrabrain.com/plugins/sikshya-lms/?utm_source=wporg&utm_medium=readme&utm_campaign=home" rel="nofollow ugc">Sikshya LMS — product & pricing</a> 👉 <a href="https://mantrabrain.com/plugins/sikshya-lms/?utm_source=wporg&utm_medium=readme&utm_campaign=pro" rel="nofollow ugc">Sikshya Pro</a> 👉 <a href="https://www.facebook.com/groups/sikshyalms/" rel="nofollow ugc">Sikshya LMS Facebook Community</a> 👉 <a href="https://mantrabrain.com/plugins/sikshya-lms/?utm_source=wporg&utm_medium=readme&utm_campaign=compare#compare" rel="nofollow ugc">Compare Sikshya with LearnDash, Tutor LMS, LifterLMS, LearnPress, MemberPress</a> Join the community for release notes, setup tips, and peer discussion with other WordPress course creators. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/CF1p9slkQrg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>Why choose Sikshya?</h3> <ul> <li>Creator-first workflow — A fast admin experience (React-powered shell) so you spend time teaching, not hunting through scattered WordPress screens.</li> <li>Commerce that belongs in the free core — Paid courses, coupons, orders, and mainstream gateways are part of the baseline story—not an afterthought locked behind “contact sales.”</li> <li>Sensible defaults — Fewer knobs on day one; advanced automation, marketplace, and reporting unlock with Sikshya Pro when you are ready to scale.</li> <li>WordPress-native — Courses, lessons, quizzes, and questions follow familiar custom post types and capabilities, with REST-oriented services where documented—so agencies and developers can extend predictably.</li> <li>Compatible with your stack — Works with the WordPress block editor (Gutenberg), Classic Editor, and popular page builders such as Elementor and Divi alongside your existing theme.</li> </ul> <h3>Self-hosted WordPress LMS — curriculum, quizzes, checkout, and certificates</h3> Install Sikshya on your WordPress site to keep ownership of course content, learner records, and payments—without renting a separate SaaS LMS just to deliver training. In plain English: you create courses in the WordPress admin; learners open your course pages on the front of your site, track progress in their account, and complete quizzes or assignments you publish. Use Sikshya for coaching, professional training, customer education, internal onboarding, or the start of a course marketplace—with full control of content, branding, and revenue. <h3>New to WordPress LMS plugins?</h3> <ul> <li>No code required to publish lessons and quizzes—you work inside Sikshya’s admin screens like other WordPress plugins.</li> <li>Your theme controls fonts and many layout basics; Sikshya adds course templates and learner views so selling and learning stay consistent.</li> <li>Start small: create one course, one short lesson, and one quiz; invite a test student account before you invite paying customers.</li> <li>Payments are optional: offer free courses first, then connect Stripe or PayPal when you sell.</li> </ul> <h3>Who is Sikshya for?</h3> <ul> <li>Coaches, consultants, and creators shipping paid programs without hiring a platform team.</li> <li>Training companies & academies replacing spreadsheets with enrollments, progress, and assessments.</li> <li>Teams doing internal training who need completion tracking and light certification.</li> <li>Agencies standardizing one dependable LMS layer across client sites (including multisite when configured carefully).</li> </ul> <h3>Extended use cases</h3> <ul> <li>Blended learning — Self-paced lessons plus scheduled touchpoints (extended live tooling ships in Pro where applicable).</li> <li>Customer education — Product training and onboarding academies tied to your brand site.</li> <li>Community & cohort programs — Clear curriculum and progress signals; pair with your favorite community plugins as needed.</li> </ul> <h3>Top features (free core)</h3> Each headline below links to its dedicated feature page on the Sikshya site. <a href="https://mantrabrain.com/plugins/sikshya-lms/features/course-builder/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_course_builder" rel="nofollow ugc">Course Builder</a> — curriculum + chapters <ul> <li>Unlimited courses, lessons, and quizzes (within your hosting limits).</li> <li>Structured curriculum with sections/chapters and drag-and-drop style ordering.</li> <li>Course landing content: descriptions, FAQs, announcements, preview lessons.</li> <li>Course archive with search and filters aligned to your theme.</li> </ul> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/video-text-lessons/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_video_text_lessons" rel="nofollow ugc">Video & Text Lessons</a> — multi-format content <ul> <li>Lesson types: text, video via URL/embed-style delivery, downloadable materials.</li> <li>Optional transcript field (downloadable URL + paste-in text) for accessibility and SEO.</li> <li>Graceful media fallback when an embed or source can’t load.</li> </ul> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/quizzes/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_quizzes" rel="nofollow ugc">Quizzes & Auto-grading</a> — assessment that actually scales <ul> <li>Quiz builder: multiple choice, true/false, short answer, essay, fill-in-the-blank, ordering, matching.</li> <li>Passing marks, attempts, and timer-oriented assessment controls.</li> <li>Sequential progression and chapter-style gating where configured.</li> <li>Mid-attempt auto-save so a refresh doesn’t wipe in-progress answers.</li> <li>Per-type score breakdown + optional per-question explanations on review.</li> <li>Assignments with submission and manual grading for real-world evaluation.</li> </ul> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/basic-certificates/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_basic_certificates" rel="nofollow ugc">Course Certificates</a> — issued on completion <ul> <li>Two ready-to-use certificate templates (Heritage + Vertex) ship in the free core, marked default so they survive updates.</li> <li>PDF download from the learner profile when a course is completed.</li> <li>QR-based external verification ships in the Pro <a href="https://mantrabrain.com/plugins/sikshya-lms/features/certificates-advanced/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_certificates_advanced" rel="nofollow ugc">Advanced certificates</a> addon.</li> </ul> Learners <ul> <li>Student dashboard: enrollments, progress, resume learning.</li> <li>Wishlist for saved courses.</li> <li>Role-aware flows for administrators and instructors.</li> </ul> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/native-checkout/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_native_checkout" rel="nofollow ugc">Native checkout</a> — checkout & monetization (free baseline) <ul> <li>Free courses, paid courses, and manual enrollment by staff.</li> <li>Stripe and PayPal as first-class payment paths in settings.</li> <li>Coupons: percentage or fixed discounts, redemption limits, optional date windows.</li> <li>Order management: visibility, notes, and administrative refund-style workflows as implemented per release.</li> </ul> Reliability & operations <ul> <li>Capability checks, nonces, and disciplined REST patterns aligned with WordPress security expectations.</li> <li>Transactional email hooks for enrollment, purchase, and completion journeys (templates evolve by release).</li> <li>Translation-ready (<code>sikshya</code> text domain); RTL-friendly layouts are a continuous improvement target—report theme-specific gaps via support.</li> </ul> <h3>Native commerce & checkout</h3> Sell access without duct-taping five plugins together for a basic launch: configure gateways, test in sandbox or test mode when available, publish your course page, and route buyers through a <a href="https://mantrabrain.com/plugins/sikshya-lms/features/native-checkout/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_native_checkout" rel="nofollow ugc">checkout experience</a> designed for digital education—not generic cart prose bolted onto an LMS. <h3>Platform notes</h3> <ul> <li>Themes — Built to cooperate with well-coded WordPress themes; use a default theme briefly if you need to isolate CSS conflicts.</li> <li>Multisite — Network-enabled; validate roles, capabilities, and data boundaries per site before production.</li> <li>Developers — Hooks and filters around enrollments, lesson completion, and quiz outcomes; REST coverage is summarized on the product site and expanded in <a href="https://sikshya.mantrabrain.com/docs/?utm_source=wporg&utm_medium=readme&utm_campaign=documentation" rel="nofollow ugc">Sikshya documentation</a>.</li> </ul> <h3>Upgrade to Sikshya Pro</h3> Unlock advanced <a href="https://mantrabrain.com/plugins/sikshya-lms/features/content-drip/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_content_drip" rel="nofollow ugc">content drip</a> and <a href="https://mantrabrain.com/plugins/sikshya-lms/features/prerequisites/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_prerequisites" rel="nofollow ugc">prerequisites</a>, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/multi-instructor/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_multi_instructor" rel="nofollow ugc">multi-instructor</a> collaboration, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/subscriptions/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_subscriptions" rel="nofollow ugc">subscriptions</a>, deeper <a href="https://mantrabrain.com/plugins/sikshya-lms/features/reports-advanced/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_reports_advanced" rel="nofollow ugc">analytics</a> and <a href="https://mantrabrain.com/plugins/sikshya-lms/features/gradebook/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_gradebook" rel="nofollow ugc">gradebook</a> workflows, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/course-bundles/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_course_bundles" rel="nofollow ugc">course bundles</a>, <a href="https://mantrabrain.com/plugins/sikshya-lms/features/white-label/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_white_label" rel="nofollow ugc">white-label</a> options, and broader integrations. Free stays generous; Pro unlocks scale. 👉 <a href="https://mantrabrain.com/plugins/sikshya-lms/pricing/?utm_source=wporg&utm_medium=readme&utm_campaign=pro_detail" rel="nofollow ugc">Explore Sikshya Pro</a> 👉 <a href="https://mantrabrain.com/plugins/sikshya-lms/pricing/?utm_source=wporg&utm_medium=readme&utm_campaign=plans" rel="nofollow ugc">Sikshya pricing & plans</a> <h3>Sikshya Pro add-on catalog</h3> Below is the full commercial add-on line-up from the Sikshya feature registry. Each title links to pricing so you can compare plans. Availability varies by plan tier (Starter, Growth / Pro band, Scale); see the pricing page for the current matrix. <h4>Starter-band add-ons</h4> <ul> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/content-drip/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_content_drip" rel="nofollow ugc">Content drip & scheduled unlock</a> — Release lessons over time (“day 3 after signup”, dates, cohort pace) instead of opening the full catalog on day one. Best for paced programs and term-style delivery; disable for purely self‑paced libraries. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/course-reviews/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_course_reviews" rel="nofollow ugc">Course reviews & ratings</a> — Collect star ratings and written reviews on course pages with moderation before they go live. Builds social proof in the catalog; turn off when public reviews don’t fit your model. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/prerequisites/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_prerequisites" rel="nofollow ugc">Prerequisites (lessons & courses)</a> — Require completion of chosen lessons or whole courses before the next step unlocks—ideal for sequencing, compliance, or leveled paths. Leave off when every course stands alone. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/instructor-dashboard/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_instructor_dashboard" rel="nofollow ugc">Instructor dashboard</a> — Gives each teacher a concise snapshot (e.g. enrollments on their courses) without sharing the whole admin site. Useful when instructors should see their numbers only. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/drip-notifications/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_drip_notifications" rel="nofollow ugc">Drip & automation emails</a> — Optional transactional emails when drip rules unlock lessons or schedules (templates in Email templates). Pair with Content drip when you want “lesson unlocked” style notices. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/calendar/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_calendar" rel="nofollow ugc">Calendar</a> — Shows learners a dated schedule—enrollments, upcoming drip unlocks, assignment due dates—on My account plus REST data for custom UIs. Handy when deadlines and releases should appear in one place. </li> </ul> <h4>Growth-band add-ons</h4> <ul> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/email-advanced-customization/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_email_advanced" rel="nofollow ugc">Professional email delivery & branded templates</a> — Route Sikshya emails through a proper ESP (SendGrid-style setup) and wrap messages with your branding. Improve deliverability versus generic PHP mail. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/community-discussions/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_discussions" rel="nofollow ugc">Course discussions & Q&A</a> — In-course discussions and Q&A with instructor moderation for cohort-led learning. Skip when comments are handled entirely outside Sikshya. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/multi-instructor/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_multi_instructor" rel="nofollow ugc">Multi-instructor & co-authors</a> — Assign multiple instructors per course with optional revenue splits for shared authoring and payouts. Keeps ledger-style splits disciplined at checkout. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/reports-advanced/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_reports_advanced" rel="nofollow ugc">Advanced analytics & exports</a> — Download enrollment-style and progress-ready data for Excel/Sheets and offline planning. Bridges dashboard charts and spreadsheets when stakeholders need files. </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/gradebook/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_gradebook" rel="nofollow ugc">Gradebook</a> — Consolidates quizzes and graded assignments into a per‑learner, per‑course scores view plus export workflows. Targets real grading—not “completion only.” </li> <li> <a href="https://mantrabrain.com/plugins/sikshya-lms/features/activity-log/?utm_source=wporg&utm_medium=readme&utm_campaign=feature_activity_log" rel="nofollow ugc">Student activity log</a> — Timeline of milestones (enrollment, completions, quizzes, submissions, checkout) when you must answer what happened, when. Helpful support and dispute trail. </li> <li> <a href="https://mantrabrain.com/plugins

WordPress Plugin Directory

14.4K