Lucene search
K

6 matches found

Circl
Circl
added 2023/07/12 12:45 p.m.10 views

CVE-2023-3105

creationtimestamp| type| source ---|---|--- 2023-07-12 12:45:23+00:00| seen| https://t.me/cibsecurity/66502...

8.8CVSS8.9AI score0.02233EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/07/12 4:38 a.m.47 views

CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS8.7AI score0.02233EPSS
Exploits2References2
The Hacker News
The Hacker News
added 2023/06/29 7:24 a.m.52 views

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 CVSS score: 9.8, the authentication bypass flaw...

7.2AI score0.46242EPSS
Exploits6
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.24 views

WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication

Software LearnDash LMS Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.0.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-3105 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fcee4e28c7df Credits István Márton Required...

8.8CVSS6.5AI score0.02233EPSS
Exploits2References2Affected Software1
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.513 views

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference

Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...

7.1AI score0.02233EPSS
Exploits2
0day.today
0day.today
added 2023/06/27 12:0 a.m.358 views

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference Vulnerability

Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...

8.8CVSS7.1AI score0.02233EPSS
Exploits2
Rows per page
Query Builder