Vulnerabilities > Uncannyowl

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-8349 Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1.
network
low complexity
uncannyowl CWE-862
7.2
2024-09-25 CVE-2024-8350 Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1.
network
low complexity
uncannyowl CWE-862
2.7
2024-07-22 CVE-2024-37117 Unspecified vulnerability in Uncannyowl Uncanny Automator
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS.This issue affects Uncanny Automator Pro: from n/a through 5.3.
network
low complexity
uncannyowl
6.1
2024-06-21 CVE-2024-37118 Cross-Site Request Forgery (CSRF) vulnerability in Uncannyowl Uncanny Automator
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.
network
low complexity
uncannyowl CWE-352
8.8
2024-01-05 CVE-2023-52151 Unspecified vulnerability in Uncannyowl Uncanny Automator
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2.
network
low complexity
uncannyowl
5.3
2023-05-26 CVE-2023-23714 Unspecified vulnerability in Uncannyowl Uncanny Toolkit for Learndash
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.
network
low complexity
uncannyowl
8.8
2020-12-23 CVE-2020-9439 Cross-site Scripting vulnerability in Uncannyowl TIN Canny Reporting for Learndash
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php.
network
low complexity
uncannyowl CWE-79
6.1
2020-12-23 CVE-2020-35650 Cross-site Scripting vulnerability in Uncannyowl Uncanny Groups for Learndash
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-form.php, the ulgm_user_last POST Parameter in user-registration-form.php, the ulgm_user_email POST Parameter in user-registration-form.php, the ulgm_code_registration POST Parameter in user-registration-form.php, the ulgm_terms_conditions POST Parameter in user-registration-form.php, the _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php, the uncanny_group_signup_user_first POST Parameter in group-registration-form.php, the uncanny_group_signup_user_last POST Parameter in group-registration-form.php, the uncanny_group_signup_user_login POST Parameter in group-registration-form.php, the uncanny_group_signup_user_email POST Parameter in group-registration-form.php, the success-invited GET Parameter in frontend-uo_groups.php, the bulk-errors GET Parameter in frontend-uo_groups.php, or the message GET Parameter in frontend-uo_groups.php.
network
low complexity
uncannyowl CWE-79
6.1