CVE-2026-2446

{"id": "CVE-2026-2446", "cveTags": [], "metrics": {}, "published": "2026-03-06T06:15:57.880", "references": [{"url": "https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/", "source": "[email protected]"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users"}], "lastModified": "2026-03-06T06:15:57.880", "sourceIdentifier": "[email protected]"}