ND Learning <= 4.7 - Unauthenticated Options Change

Affects Plugin

fixed in version 4.8

References

CVE 2019-15775
URL https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-learning-courses-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 4565
Verified No
WPVDB ID 9496

Timeline

Publicly Published 2019-08-06 (4 months ago)
Added 2019-08-06 (4 months ago)
Last Updated 2019-11-28 (18 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin