CVE-2025-10376

Name of the Vulnerable Software and Affected Versions Course Redirects for Learndash plugin for WordPress versions prior to 0.5

Description The software is susceptible to Cross-Site Request Forgery (CSRF). This is a result of a lack of nonce validation when handling form submissions on the settings page. An unauthenticated attacker could potentially modify plugin settings by forging a request, provided they can trick a site administrator into performing an action.

Recommendations Update to version 0.5 or later.