Source: National Vulnerability Database

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25019

93 hits since 2021-11-01

PHP Vulns Source Ratio: 14% (4754 total, 328 propagated, 2377 filtered)