Lucene search
K

294 matches found

Nuclei
Nuclei
added 11 hours ago79 views

Uncanny Toolkit for LearnDash - Open Redirection

A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security. id: CVE-2023-34020 info: name: Uncanny Toolk...

6.1CVSS6.9AI score0.00963EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago111 views

LearnDash LMS < 4.10.3 - Sensitive Information Exposure

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. id: CVE-2024-1208 info: name: LearnDash LMS 4.10.3 - Sensitive...

5.3CVSS6.5AI score0.05285EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago125 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...

5.3CVSS6.7AI score0.02419EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago131 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. id: CVE-2024-1210 info: name: LearnDash LMS 4.10.2 - Sensitive Information...

5.3CVSS6.5AI score0.05285EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/06/11 12:9 p.m.13 views

WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...

9.8CVSS7.8AI score0.00303EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-3079

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 5:23 p.m.5 views

WordPress LearnDash LMS plugin <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'filtersorderbyorder' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LearnDash LMS versions = 5.0.3...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/24 2:16 a.m.3 views

CVE-2026-3079

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS0.00272EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:25 a.m.4 views

CVE-2026-3079

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/24 1:25 a.m.2 views

CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References7
CVE
CVE
added 2026/03/24 1:25 a.m.14 views

CVE-2026-3079

CVE-2026-3079 affects the LearnDash LMS WordPress plugin. The vulnerability is a blind time-based SQL injection in the AJAX action learndash_propanel_template caused by insufficient escaping of the parameter filters[orderby_order] . It impacts all versions up to and including 5.0.3. Exploitation ...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/24 1:25 a.m.35 views

CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

6.5CVSS0.00272EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

WordPress plugin LearnDash LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.16 views

PT-2026-27301

Name of the Vulnerable Software and Affected Versions LearnDash LMS plugin for WordPress versions prior to 5.0.4 Description The software is susceptible to a blind time-based SQL injection through the filtersorderby order parameter within the 'learndash propanel template' AJAX action. This is a...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-2446

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

9.8CVSS5.9AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 6:15 a.m.9 views

CVE-2026-2446

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

9.8CVSS0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 6:0 a.m.5 views

CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

5.9AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/06 6:0 a.m.32 views

CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23651

Name of the Vulnerable Software and Affected Versions PowerPack for LearnDash WordPress plugin versions prior to 1.3.0 Description The PowerPack for LearnDash WordPress plugin lacks authorization and Cross-Site Request Forgery CSRF checks in an AJAX action. This allows unauthenticated users to...

9.8CVSS7.4AI score0.00303EPSS
Exploits0References8
Rows per page
Query Builder