Learndash
CVE-2023-3105
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with with existing account access at any level, to change user passwords and potentially take over administrator accounts.
AnalysisAI
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with with existing account access at any level, to change user passwords and potentially take over administrator accounts. Affected products include: Learndash.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includ
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includ
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includ
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. Rated critical severity (
LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body clas
LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content cl
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. Rated medium severity (C
An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) vi
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today