CVE-2024-8350
- EPSS 0.25%
- Veröffentlicht 25.09.2024 03:15:04
- Zuletzt bearbeitet 02.10.2024 17:10:47
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possib...
CVE-2024-8349
- EPSS 3.07%
- Veröffentlicht 25.09.2024 03:15:03
- Zuletzt bearbeitet 02.10.2024 16:50:09
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible f...
CVE-2020-35650
- EPSS 0.35%
- Veröffentlicht 23.12.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:45
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_...