PT-2026-23651 · WordPress · Powerpack For Learndash

Khaled Alenazi · Published 2026-03-06 · Updated 2026-03-17 · CVE-2026-2446

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PowerPack for LearnDash WordPress plugin versions prior to 1.3.0

Description

The PowerPack for LearnDash WordPress plugin lacks authorization and Cross-Site Request Forgery (CSRF) checks in an AJAX action. This allows unauthenticated users to modify arbitrary WordPress options, such as default role, and create new administrator users.

Recommendations

Update the PowerPack for LearnDash WordPress plugin to version 1.3.0 or later.
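
A hardened shape for the kind of options-writing AJAX handler described above, as an added example that is not the plugin's own code. The action name `example_save_settings`, the nonce action `example_settings_nonce`, the request fields and the allowlisted option names are all hypothetical.

```php
<?php
// Added illustration, not code from PowerPack for LearnDash.
// Hypothetical names: example_save_settings, example_settings_nonce,
// the 'option'/'value'/'nonce' request fields, and the allowlisted keys.

// Allowlist: the only options this endpoint may write, each with its sanitizer.
// Core options such as default_role are unreachable because they are not listed.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_feature_enabled' => 'example_sanitize_bool',
    'example_banner_text'     => 'sanitize_text_field',
);

function example_sanitize_bool( $value ) {
    return filter_var( $value, FILTER_VALIDATE_BOOLEAN ) ? '1' : '0';
}

// Register for logged-in users only. No wp_ajax_nopriv_ hook is added, so
// admin-ajax.php never dispatches unauthenticated requests to this handler.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // CSRF check: the nonce must have been issued for this action and user.
    // Third argument false so the handler controls the error response.
    if ( ! check_ajax_referer( 'example_settings_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // Authorization check: any logged-in user (even a subscriber) can reach
    // a wp_ajax_ hook, so the capability must be verified explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // Never pass a request-supplied option name straight to update_option().
    $name = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! array_key_exists( $name, EXAMPLE_ALLOWED_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option.' ), 400 );
    }

    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = call_user_func( EXAMPLE_ALLOWED_OPTIONS[ $name ], $raw );

    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name ) );
}
```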

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related identifiers

CVE-2026-2446

Affected products

Powerpack For Learndash