Uncanny Toolkit for LearnDash <= 3.6.4.1 - Arbitrary Plugin Installation via CSRF
LANACOMMONVDB ID: ae4d66a3-28fe-4b27-8aa3-60646cf1ccef
The plugin does not have Cross-Site Request Forgery (CSRF) check when installing plugins, which could allow attackers to make logged in admins install and activate arbitrary plugins from wordpress.org repository via a Cross-Site Request Forgery (CSRF) attack.