cvedb.io
CVE-2024-8349
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2024-09-25T03:15:03.817 · Last modified 2026-06-17T08:22:24.717

Summary

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.

Affected products

uncannyowl — uncanny_groups_for_learndash

Does this affect you?

Add your gear to cvedb and we'll alert you only when uncannyowl ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.