| The privilege escalation flaw was discovered in LearnDash plugin of Wordpress. Due to this flaw any user can become admin user having access to group user or group id via a POST request to /wp-json/ulgm_management/v1/edit_user/?action=edit-user&group-id=, making it possible for authenticated attackers, with group leader-level access and above. |
