The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
History

Tue, 21 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Ercbs
Ercbs course Redirects For Learndash Plugin
Wordpress
Wordpress wordpress
Vendors & Products Ercbs
Ercbs course Redirects For Learndash Plugin
Wordpress
Wordpress wordpress

Tue, 14 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 11 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
Description The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2025-10-14T18:44:36.808Z

Reserved: 2025-09-12T15:44:43.342Z

Link: CVE-2025-10376

cve-icon Vulnrichment

Updated: 2025-10-14T18:31:51.141Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-11T10:15:42.477

Modified: 2025-10-14T19:36:59.730

Link: CVE-2025-10376

cve-icon Redhat

No data.