Lucene search
K

293 matches found

CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin Uncanny Toolkit for LearnDash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:42 a.m.6 views

CVE-2025-22346

Server-Side Request Forgery SSRF vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a...

6.4CVSS8.6AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.12 views

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

7.2CVSS6.5AI score0.01164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.7 views

CVE-2024-1210

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

5.3CVSS6.7AI score0.02027EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-1209

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...

5.3CVSS6.7AI score0.02419EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:31 a.m.6 views

CVE-2024-5648

The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. wrldsetconfiguration, wrldexcludesettingssave, applytimetrackingsettings, wpajaxwrldgutenbergblockvisit, etc.. in all versions up to, and...

5.4CVSS5.9AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:43 a.m.3 views

CVE-2024-37438

Cross-Site Request Forgery CSRF vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1...

5.4CVSS5.1AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.7 views

CVE-2024-37439

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...

5.4CVSS6.9AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.3 views

CVE-2023-34019

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...

6.5CVSS8.5AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.10 views

CVE-2023-28777

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3...

8.8CVSS8.8AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.7 views

CVE-2023-34020

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3...

6.1CVSS8.5AI score0.00963EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.11 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS6.7AI score0.02233EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 p.m.6 views

CVE-2020-9439

Multiple cross-site scripting XSS vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the searchkey GET Parameter in TinCanContentListTable.php, message GET Parameter in licensing.php,...

6.1CVSS5.8AI score0.00772EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.6 views

CVE-2020-35650

Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...

6.1CVSS5.9AI score0.00772EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 p.m.6 views

CVE-2020-6009

LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection...

9.8CVSS7.5AI score0.0184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 a.m.8 views

CVE-2018-25019

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...

7.5CVSS7.2AI score0.01531EPSS
Exploits1References1
NVD
NVD
added 2025/05/16 4:15 p.m.13 views

CVE-2025-48080

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.7.0.2...

6.5CVSS0.00169EPSS
Exploits0References1
CVE
CVE
added 2025/05/16 3:45 p.m.30 views

CVE-2025-48080

CVE-2025-48080 is a stored XSS vulnerability in the WordPress plugin Uncanny Toolkit for LearnDash. The issue arises from improper input neutralization during web page generation, allowing malicious input to be stored and later executed in the browser. Affected: Uncanny Toolkit for LearnDash vers...

6.5CVSS7.2AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 3:45 p.m.21 views

CVE-2025-48080 WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through = 3.7.0.2...

6.5CVSS0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.6 views

PT-2025-21717 · Unknown · Uncanny Toolkit For Learndash

Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit for LearnDash versions 3.7.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

6.5CVSS6.8AI score0.00169EPSS
Exploits0References3
Rows per page
Query Builder