5 matches found
CVE-2024-8350
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2024-8350
creationtimestamp| type| source ---|---|--- 2024-09-25 05:57:29+00:00| seen| https://t.me/cvedetector/6279...
CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Broken Access Control
Software Uncanny Groups for LearnDash Type Plugin Vulnerable versions = 6.1.0.1 Fixed in 6.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8350 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID d89e217025ab Credits Karl Emil Nikka...