EUVD-2026-14691

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

CVE-2026-2446

CVE-2026-2446 affects the PowerPack for LearnDash WordPress plugin prior to 1.3.0. The issue is an missing authorization and CSRF protection in an AJAX action, enabling unauthenticated users to update arbitrary WordPress options (e.g., default_role) and to create arbitrary admin users. Impact is ...

WordPress plugin PowerPack for LearnDash 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-57988 WordPress Uncanny Toolkit for LearnDash Plugin <= 3.7.0.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.7.0.3...

WordPress plugin Uncanny Toolkit for LearnDash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

PT-2025-6730 · Learndash · Learndash

Name of the Vulnerable Software and Affected Versions: LearnDash version 6.7.1 Description: A stored Cross-Site Scripting XSS issue was discovered in the materials-content class. This issue allows for malicious scripts to be stored and executed on the site, potentially affecting user sessions...

PT-2025-5483 · Unknown · Learndash Lms

Name of the Vulnerable Software and Affected Versions: LearnDash LMS versions 4.20.0.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in LearnDash LMS, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

WordPress plugin Course Migration for LearnDash 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

PT-2025-4460 · Learndash · Faizaan Gagan Course Migration For Learndash

Name of the Vulnerable Software and Affected Versions: Faizaan Gagan Course Migration for LearnDash versions 1.0.2 through n/a Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability, which allows for Server Side Request Forgery. This means an attacker can potentiall...

WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Course Migration for LearnDash versions 1.0.2...

WordPress plugin Uncanny Toolkit Pro for LearnDash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2025-2483 · Uncanny Owl · Uncanny Toolkit For Learndash

Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit Pro for LearnDash versions prior to 4.1.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows unauthorized actions to be performed on behalf of a user. This can lead to various security...

CVE-2023-34019

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.6.4.3...

WordPress plugin Uncanny Toolkit for LearnDash 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-12462 · Uncanny · Uncanny Toolkit For Learndash

Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit for LearnDash versions 3.6.4.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For version...

WordPress plugin Uncanny Toolkit Pro for LearnDash 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Toolkit Pro for LearnDash versions 4.1.4.1...

CVE-2023-34020

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...

PT-2023-8521 · WordPress · Learndash Lms

Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin for WordPress versions up to, and including, 4.10.1 Description: The issue is related to Sensitive Information Exposure, which can be exploited via API, allowing unauthenticated attackers to obtain access to quizzes. The...