Insecure Direct Object References in LearnDash LMS Plugin for WordPress
CVE-2023-3105
8.8HIGH
What is CVE-2023-3105?
The LearnDash LMS plugin for WordPress has a vulnerability that allows attackers to exploit Insecure Direct Object References. Versions up to and including 4.6.0 permit user-controlled access to certain objects, allowing individuals with existing account access to bypass authorization measures. This flaw enables unauthorized users to change passwords and potentially gain control over administrator accounts, heightening security risks for platforms utilizing the plugin.
Affected Version(s)
LearnDash LMS * <= 4.6.0