The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Tue, 21 Oct 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ercbs
Ercbs course Redirects For Learndash Plugin Wordpress Wordpress wordpress |
|
Vendors & Products |
Ercbs
Ercbs course Redirects For Learndash Plugin Wordpress Wordpress wordpress |
Tue, 14 Oct 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 11 Oct 2025 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |
Title | Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-10-14T18:44:36.808Z
Reserved: 2025-09-12T15:44:43.342Z
Link: CVE-2025-10376

Updated: 2025-10-14T18:31:51.141Z

Status : Awaiting Analysis
Published: 2025-10-11T10:15:42.477
Modified: 2025-10-14T19:36:59.730
Link: CVE-2025-10376

No data.