Unauthenticated File Upload Vulnerability in LearnDash LMS WordPress Plugin

Unauthenticated File Upload Vulnerability in LearnDash LMS WordPress Plugin

CVE-2018-25019 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

Learn more about our Wordpress Pen Testing.