ГлавнаяУязвимости → CVE-2026-2446
9.8критическая

CVE-2026-2446

Описание

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/