294 matches found
CVE-2025-22346
Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...
CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...
CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...
CVE-2025-22346
CVE-2025-22346: WordPress Course Migration for LearnDash plugin (versions 1.0.2 through n/a) suffers Server-Side Request Forgery (SSRF). The vulnerability is authenticated (Subscriber+) and is documented in multiple feeds (NVD/RedHat/CVELIST). The CVSS v3.1 base score is 6.4 (Network, Low/Low/No ...
CVE-2024-37438
Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...
CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...
CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...
CVE-2024-37438
CVE-2024-37438 affects WordPress plugin Uncanny Toolkit Pro for LearnDash. A Cross-Site Request Forgery (CSRF) vulnerability exists in Uncanny Toolkit Pro for LearnDash versions before 4.1.4.1, enabling unauthorized actions to be performed by authenticated users. The issue is disclosed in multipl...
CVE-2023-34019
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...
CVE-2023-34019
CVE-2023-34019 covers a missing/incorrect authorization check in the Uncanny Toolkit for LearnDash (plugin: Uncanny Toolkit for LearnDash) prior to version 3.6.4.4. The vulnerability is categorized as Broken Access Control and is exploitable without authentication via the REST route reviewed-bann...
CVE-2023-34019 WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.6.4.3...
CVE-2023-34019 WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...
CVE-2024-37439
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...
CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...
CVE-2024-37439
CVE-2024-37439 is a Missing Authorization vulnerability in Uncanny Toolkit Pro for LearnDash. Public sources describe it as an access-control weakness that could enable subscriber-level abuse, including arbitrary post/page duplication for Subscriber+ variants. Affected product is Uncanny Toolkit ...
CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...
PT-2024-27553 · Uncanny · Uncanny Toolkit For Learndash
Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit Pro for LearnDash versions 4.1.4.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...
CVE-2024-8349
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...
CVE-2024-8350
The CVE entries CVE-2024-8350 and CVE-2024-8349 relate to the Uncanny Groups for LearnDash plugin for WordPress. All versions up to 6.1.0.1 are affected by a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint, allowing authenticated attackers with group leader...
CVE-2024-8349
CVE-2024-8349 / CVE-2024-8350 (Uncanny Groups for LearnDash, WordPress) : The WordPress plugin is vulnerable to privilege escalation via a flawed access check in the group-management REST endpoint. Authenticated users with group leader level access (and above) can add or modify group members and,...