RSS   Vulnerabilities for 'Learndash'   RSS

2021-11-01
 
CVE-2018-25019

CWE-434
 

 
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

 
2020-04-01
 
CVE-2020-6009

CWE-89
 

 
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.

 
2020-01-16
 
CVE-2020-7108

CWE-79
 

 
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

 


Copyright 2024, cxsecurity.com

 

Back to Top