LearnDash Plugin Vulnerable to User Group Add
CVE-2024-8350
2.7LOW
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 25 September 2024
What is CVE-2024-8350?
The LearnDash plugin for WordPress is impacted by a user group management vulnerability due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint. This issue affects all versions up to and including 6.1.0.1. Authenticated users with group leader-level access or higher can exploit this flaw to add users to their respective groups. This action could potentially allow the exploitation of another vulnerability, enabling attackers to gain administrative access to the WordPress site. It is imperative for users to review their plugin versions and apply the necessary updates to mitigate this security risk.
Affected Version(s)
Uncanny Groups for LearnDash * <= 6.1.0.1