6 matches found
CVE-2023-3105
creationtimestamp| type| source ---|---|--- 2023-07-12 12:45:23+00:00| seen| https://t.me/cibsecurity/66502...
CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 CVSS score: 9.8, the authentication bypass flaw...
WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication
Software LearnDash LMS Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.0.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-3105 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fcee4e28c7df Credits István Márton Required...
WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference
Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...
WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference Vulnerability
Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...