cleantalk
Vulnerabilities and Security Researches

Uncanny Toolkit for LearnDash, a71a0bec03a978f9d8c20118b6bcf0711f2cdf69

CVE, Research URL

a71a0bec03a978f9d8c20118b6bcf0711f2cdf69

Home page URL

Security reports for Uncanny Toolkit for LearnDash

Application

Uncanny Toolkit for LearnDash

Published on
Nov 26, 2022
Research Description
Uncanny Toolkit for LearnDash [uncanny-learndash-toolkit] < 3.6.4 Uncanny Toolkit for LearnDash <= 3.6.3 - Cross-Site Request Forgery The Uncanny Toolkit for LearnDash plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing nonce validation on several functions such as the ajax_activate_deactivate_module function. This makes it possible for unauthenticated attackers to change plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.6.4.
Status
vulnerable
Previous vulnerability researches
Uncanny Toolkit for LearnDash (CVE-2023-23714) , Jun 06, 2024
Uncanny Toolkit for LearnDash (CVE-2025-22268) , Apr 14, 2025
Uncanny Toolkit for LearnDash (CVE-2023-34019) , Jun 10, 2024
Uncanny Toolkit for LearnDash (CVE-2023-34020) , Jun 06, 2024
Uncanny Toolkit for LearnDash (a71a0bec03a978f9d8c20118b6bcf0711f2cdf69) , Jun 06, 2024
New vulnerability
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
WP Featured Screenshot (CVE-2025-32557) , Apr 15, 2025
Additional Custom Product Tabs for WooCommerce (CVE-2025-26749) , Apr 15, 2025
Autoptimize , Apr 15, 2025