Security Advisory

CVE-2018-25019

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-01 08:45:52

Last updated 2024-08-05 12:26:39

Assigner WPScan

State PUBLISHED

Description

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

← Browse all CVEs View on cve.org ↗