Unauthenticated File Upload Vulnerability in LearnDash LMS WordPress Plugin
CVE-2018-25019 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server
Learn more about our Wordpress Pen Testing.