The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
WordPress
Uncanny Groups For Learndash
NVD
GitHub
CVSS 3.1
2.7
EPSS
0.4%
Cursor is an artificial intelligence code editor. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.
Apple
RCE
NVD
GitHub
CVSS 3.1
3.8
EPSS
0.2%