CVE-2024-8350

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-862
View all →

Vulnerability Description

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.

Related Vulnerabilities

CVE-2017-5930

LOW
CVSS:2.7(Low)

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission che...

CWE-8622017

CVE-2020-6306

LOW
CVSS:2.7(Low)

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

CWE-8622020

CVE-2021-44840

LOW
CVSS:2.7(Low)

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/tab...

CWE-8622021

CVE-2022-2459

LOW
CVSS:2.7(Low)

An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for ema...

CWE-8622022

CVE-2022-2841

LOW
CVSS:2.7(Low)

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The ...

CWE-8622022

CVE-2023-3587

LOW
CVSS:2.7(Low)

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the U...

CWE-8622023