Lucene search
+L

294 matches found

nvd
nvd
added 2025/01/15 4:15 p.m.17 views

CVE-2025-22346

Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...

6.4CVSS0.00267EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/15 3:23 p.m.31 views

CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...

6.4CVSS7.3AI score0.00267EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/15 3:23 p.m.34 views

CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...

6.4CVSS0.00267EPSS
Exploits0References1
cve
cve
added 2025/01/15 3:23 p.m.63 views

CVE-2025-22346

CVE-2025-22346: WordPress Course Migration for LearnDash plugin (versions 1.0.2 through n/a) suffers Server-Side Request Forgery (SSRF). The vulnerability is authenticated (Subscriber+) and is documented in multiple feeds (NVD/RedHat/CVELIST). The CVSS v3.1 base score is 6.4 (Network, Low/Low/No ...

6.4CVSS8.6AI score0.00267EPSS
Exploits0References1
nvd
nvd
added 2025/01/02 2:15 p.m.12 views

CVE-2024-37438

Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...

5.4CVSS0.00167EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/02 1:31 p.m.4 views

CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...

5.4CVSS7.2AI score0.00167EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/02 1:31 p.m.23 views

CVE-2024-37438 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...

5.4CVSS0.00167EPSS
Exploits0References1
cve
cve
added 2025/01/02 1:31 p.m.55 views

CVE-2024-37438

CVE-2024-37438 affects WordPress plugin Uncanny Toolkit Pro for LearnDash. A Cross-Site Request Forgery (CSRF) vulnerability exists in Uncanny Toolkit Pro for LearnDash versions before 4.1.4.1, enabling unauthorized actions to be performed by authenticated users. The issue is disclosed in multipl...

5.4CVSS5.1AI score0.00167EPSS
Exploits0References1
nvd
nvd
added 2024/12/13 3:15 p.m.16 views

CVE-2023-34019

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...

6.5CVSS0.00574EPSS
Exploits0References1
cve
cve
added 2024/12/13 2:23 p.m.37 views

CVE-2023-34019

CVE-2023-34019 covers a missing/incorrect authorization check in the Uncanny Toolkit for LearnDash (plugin: Uncanny Toolkit for LearnDash) prior to version 3.6.4.4. The vulnerability is categorized as Broken Access Control and is exploitable without authentication via the REST route reviewed-bann...

6.5CVSS8.5AI score0.00574EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/13 2:23 p.m.10 views

CVE-2023-34019 WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.6.4.3...

6.5CVSS6.9AI score0.00574EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/13 2:23 p.m.18 views

CVE-2023-34019 WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...

6.5CVSS0.00574EPSS
Exploits0References1
nvd
nvd
added 2024/11/01 3:15 p.m.11 views

CVE-2024-37439

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...

5.4CVSS0.00371EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/01 2:18 p.m.17 views

CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...

5.4CVSS6.9AI score0.00371EPSS
Exploits0References1
cve
cve
added 2024/11/01 2:18 p.m.58 views

CVE-2024-37439

CVE-2024-37439 is a Missing Authorization vulnerability in Uncanny Toolkit Pro for LearnDash. Public sources describe it as an access-control weakness that could enable subscriber-level abuse, including arbitrary post/page duplication for Subscriber+ variants. Affected product is Uncanny Toolkit ...

5.4CVSS5.5AI score0.00371EPSS
Exploits0References1
cvelist
cvelist
added 2024/11/01 2:18 p.m.18 views

CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...

5.4CVSS0.00371EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.8 views

PT-2024-27553 · Uncanny · Uncanny Toolkit For Learndash

Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit Pro for LearnDash versions 4.1.4.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...

5.4CVSS7.2AI score0.00371EPSS
Exploits0References4
osv
osv
added 2024/09/25 3:15 a.m.4 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

7.2CVSS5.7AI score0.01164EPSS
Exploits1References2
cve
cve
added 2024/09/25 2:32 a.m.86 views

CVE-2024-8350

The CVE entries CVE-2024-8350 and CVE-2024-8349 relate to the Uncanny Groups for LearnDash plugin for WordPress. All versions up to 6.1.0.1 are affected by a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint, allowing authenticated attackers with group leader...

2.7CVSS5.1AI score0.00427EPSS
Exploits1References2Affected Software1
cve
cve
added 2024/09/25 2:32 a.m.58 views

CVE-2024-8349

CVE-2024-8349 / CVE-2024-8350 (Uncanny Groups for LearnDash, WordPress) : The WordPress plugin is vulnerable to privilege escalation via a flawed access check in the group-management REST endpoint. Authenticated users with group leader level access (and above) can add or modify group members and,...

7.2CVSS5.3AI score0.01164EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder