CVE-2024-8350

LOW
Published Sep 25, 2024 Modified Oct 2, 2024 CWE-862

Description

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.

CVSS v3.1 Score

2.7
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-862 Missing Authorization

Affected Products

Vendor Product
uncannyowl uncanny_groups_for_learndash

References

Frequently Asked Questions

What is CVE-2024-8350? +
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site. It has a CVSS v3.1 base score of 2.7 (LOW).
How severe is CVE-2024-8350? +
CVE-2024-8350 has a CVSS v3.1 score of 2.7 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-8350? +
CVE-2024-8350 affects products from uncannyowl, specifically: uncanny_groups_for_learndash. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-8350? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-8350 — free, no signup required.

Start Free Scan