23 matches found
EUVD-2020-23316
Malware in sbrugna...
EUVD-2024-49116
Malicious code in bioql PyPI...
EUVD-2024-49117
Malicious code in bioql PyPI...
CVE-2024-8350
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2020-35650
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...
CVE-2024-8349
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...
CVE-2024-8350
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2024-8349
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...
CVE-2024-8349
CVE-2024-8349 / CVE-2024-8350 (Uncanny Groups for LearnDash, WordPress) : The WordPress plugin is vulnerable to privilege escalation via a flawed access check in the group-management REST endpoint. Authenticated users with group leader level access (and above) can add or modify group members and,...
CVE-2024-8349 Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...
WordPress Uncanny Groups for LearnDash plugin <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation vulnerability
Authenticated Group Leader+ Privilege Escalation vulnerability discovered by Karl Emil Nikka in WordPress Plugin Uncanny Groups for LearnDash versions = 6.1.0.1...
WordPress Uncanny Groups for LearnDash plugin <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add vulnerability
Missing Authorization to Authenticated Group Leader+ User Group Add vulnerability discovered by Karl Emil Nikka in WordPress Plugin Uncanny Groups for LearnDash versions = 6.1.0.1...
WordPress plugin Uncanny Groups for LearnDash 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Uncanny Groups for LearnDash 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38964 · WordPress · Uncanny Groups For Learndash
Name of the Vulnerable Software and Affected Versions: The Uncanny Groups for LearnDash plugin for WordPress versions up to, and including, 6.1.0.1 Description: The issue arises from the plugin's failure to properly restrict what users a group leader can edit. This allows authenticated attackers...
WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Broken Access Control
Software Uncanny Groups for LearnDash Type Plugin Vulnerable versions = 6.1.0.1 Fixed in 6.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8350 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID d89e217025ab Credits Karl Emil Nikka...
WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Privilege Escalation
Software Uncanny Groups for LearnDash Type Plugin Vulnerable versions = 6.1.0.1 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8349 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 0a9f41b67f...
PT-2024-38965 · WordPress · Uncanny Groups For Learndash
Name of the Vulnerable Software and Affected Versions: Uncanny Groups for LearnDash plugin for WordPress versions up to, and including, 6.1.0.1 Description: The issue allows authenticated attackers with group leader-level access and above to exploit a missing capability check on the "/wp-json/ulg...
CVE-2020-35650
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...
CVE-2020-35650
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...