Uncanny Groups For Learndash Security Vulnerabilities and Issues — Uncanny Groups For Learndash CVE List

Lucene search

UncannyowlUncanny Groups For Learndash

3 matches found

CVE•added 2024/09/25 3:15 a.m.•68 views

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader...

2.7CVSS5.1AI score0.00553EPSS

CVE•added 2024/09/25 3:15 a.m.•40 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-lev...

7.2CVSS5.3AI score0.00553EPSS

CVE•added 2020/12/23 4:15 p.m.•35 views

CVE-2020-35650

Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-fo...

6.1CVSS6AI score0.00347EPSS