← Back to all sparks
L

LifterLMS

EDTECH
Velocity5.0

WordPress LMS plugin for creating and selling online courses with memberships, quizzes, and certificates.

LifterLMS is in a steady security-hardening cycle across the 10.0.x line

securityhardeningbug-fixeswordpressperformance
Current state
The entire recent 10.0.1–10.0.10 series is dominated by security fixes: added permission and input-validation checks across checkout, quiz, course-builder, REST API, and form-submission paths, many credited to external researchers. Functional changes are minor bug fixes; v10.0.7 stands out with a real caching improvement, and v10.0.4 added AGENTS.md/CLAUDE.md to guide AI coding agents.
Where it's heading
Frequent point releases (roughly weekly) that are almost entirely defensive hardening rather than new capability. The consistent stream of researcher-credited fixes suggests an active audit or bug-bounty effort against the 10.x branch.
Prediction
The security-fix cadence will likely continue near-term as the 10.x codebase is audited; no new user-facing feature direction is visible in these entries.

Recent moves

  1. 3d ago

    Version 10.0.10

    v10.0.10 adds pricing-markup sanitization and hardens post-search AJAX requests; two researcher-credited security fixes, consistent with the branch's hardening pattern.

    View source ↗
  2. 9d ago

    Version 10.0.9

    v10.0.9 fixes an access-plan dialog scroll bug in WP 7.0 and adds checks on quiz start, add-ons screen, and REST auth. Minor bug fix plus routine security hardening.

    View source ↗
  3. 14d ago

    Version 10.0.8

    v10.0.8 adds validation checks on checkout order creation, import-driven user creation, and account/registration form data; all security hardening.

    View source ↗
  4. 16d ago

    Version 10.0.7

    v10.0.7 stops issuing a session cookie to anonymous visitors until session data is actually written, keeping otherwise-anonymous views eligible for full-page caching; plus the usual security checks. A concrete performance/caching win amid the hardening stream.

    View source ↗
  5. 20d ago

    Version 10.0.6

    v10.0.6 adds a quiz-question update permission check and more E2E tests; small security-and-test release.

    View source ↗
  6. 1mo ago

    Version 10.0.5

    v10.0.5 deprecates an old quiz-question query method in favor of the Course Builder llms_builder AJAX flow; internal cleanup.

    View source ↗