Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:learndash_lms:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductLearndash Lms (7aae89c1-5d84-51d3-a128-f69153907da3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-1209 vulnerable 2026-06-08 06:25:39.564083 LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments
MEDIUM (5.3)
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.
Published: 2024-02-05T21:21:48.587Z
Updated: 2026-04-08T17:00:36.823Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3105 vulnerable 2026-06-08 06:09:38.528342 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
HIGH (8.8)
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with with existing account access at any level, to change user passwords and potentially take over administrator accounts.
Published: 2023-07-12T04:38:43.102Z
Updated: 2026-04-08T16:41:52.958Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.