cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8350,https://securityvulnerability.io/vulnerability/CVE-2024-8350,LearnDash Plugin Vulnerable to User Group Add,"The LearnDash plugin for WordPress is impacted by a user group management vulnerability due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint. This issue affects all versions up to and including 6.1.0.1. Authenticated users with group leader-level access or higher can exploit this flaw to add users to their respective groups. This action could potentially allow the exploitation of another vulnerability, enabling attackers to gain administrative access to the WordPress site. It is imperative for users to review their plugin versions and apply the necessary updates to mitigate this security risk.",Wordpress,Uncanny Groups For Learndash,2.7,LOW,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-25T02:32:26.514Z,0
CVE-2024-8349,https://securityvulnerability.io/vulnerability/CVE-2024-8349,Privilege Escalation Vulnerability in LearnDash Plugin Affects Admin Account Security,"The Uncanny Groups for LearnDash plugin for WordPress contains a vulnerability that enables privilege escalation, allowing authenticated attackers with group leader-level access to edit user permissions improperly. This vulnerability results from the plugin failing to sufficiently restrict the user editing capabilities for group leaders. Consequently, attackers may exploit this weakness to alter email addresses associated with admin accounts, potentially granting them unauthorized access to these accounts and compromising the security of the WordPress site.",Wordpress,Uncanny Groups For Learndash,7.2,HIGH,0.0005000000237487257,false,,false,false,true,true,false,false,2024-09-25T02:32:25.610Z,0