ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Learning Courses plugin <= 4.7 - Unauthenticated Options Change vulnerability

Product
Learning Courses
Description
Unauthenticated Options Change vulnerability found by Jerome Bruandet (Nintechnet) in WordPress Learning Courses plugin (versions <= 4.7).
Solution
Update the WordPress Learning Courses plugin to the latest available version (at least 4.8).
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.7
Fixed In 4.8
Disclosure date
2019-08-06
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress