CVE-2026-2446
Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Unknown · PowerPack for LearnDashQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →