WordPress Plugin Vulnerabilities

LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References

Description

The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts.

Affects Plugins

Plugin icon
sfwd-lms
Fixed in 4.6.0.1

References

CVE
CVE-2023-3105
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2318b3e1-268d-45fa-83bf-c6e88f1b9013

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
e9a8931e-ac4d-40bf-83aa-cf05e639900e

Timeline

Publicly Published
2023-06-27 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2026-01-02
Title
Innovio <= 1.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
Published
2026-01-20
Title
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution < 3.5.1 - Unauthenticated Privilege Escalation via Account Takeover
Published
2025-11-24
Title
Wishlist for WooCommerce < 1.1.4 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation
Published
2025-07-31
Title
Service Finder Bookings < 6.1 - Authentication Bypass via User Switch Cookie
Published
2025-12-17
Title
HUSKY – Products Filter Professional for WooCommerce < 1.3.7.4 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'