WP Courses LMS < 3.2.4 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with...

Cross-Site Request Forgery(CSRF)

Moodle is vulnerable to cross-site request forgery CSRF attacks. The attacks exist because it does not properly check session key validity on password-protected lesson modules, allowing the authenticated users to hijack the request sent to 1 mod/lesson/mediafile.php or 2 mod/lesson/view.php...