CVE-2018-25019

CVE-2018-25019: LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload

Vendor Unknown
Product LearnDash LMS
Weakness CWE-434 · Unrestricted file upload
Published November 1, 2021
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

Key dates

02Disclosure timeline

November 1, 2021 CVE published
August 5, 2024 Record updated