Description
WordPress Plugin LearnDash LMS is prone to a insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to reset arbitrary user passwords. WordPress Plugin LearnDash LMS version 4.6.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.6.0.1 or latest
References
Related Vulnerabilities
MySQL CVE-2023-21879 Vulnerability (CVE-2023-21879)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000169)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-4782)