Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
learndash learndash vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28777
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a up to and including 4.5.3.
Learndash Learndash
7.5
CVSSv2
CVE-2020-6009
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
Learndash Learndash
NA
CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
Learndash Learndash
5
CVSSv2
CVE-2018-25019
The LearnDash LMS WordPress plugin prior to 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server
Learndash Learndash
3.5
CVSSv2
CVE-2020-7108
The LearnDash LMS plugin prior to 3.1.2 for WordPress allows XSS via the ld-profile search field.
Learndash Learndash
NA
CVE-2024-1208
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated malicious users to obtain access to quiz questions.
Learndash Learndash
3 Github repositories
NA
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated malicious users to obtain ...
Learndash Learndash
2 Github repositories
NA
CVE-2024-1210
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated malicious users to obtain access to quizzes.
Learndash Learndash
2 Github repositories
4.3
CVSSv2
CVE-2020-35650
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote malicious users to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Paramete...
Uncannyowl Uncanny Groups For Learndash
NA
CVE-2023-23714
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.
Uncannyowl Uncanny Toolkit For Learndash
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »