Donate Telegram

CVE-2026-2446

NONE EPSS 0.02%

Mar 06, 2026

Updated Mar 06, 2026

WordPress

Parameter	Value
Affected Versions	before 1.3.0
Vendor	WordPress
Public PoC	No

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users

References 1

https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1128

WordPress

CVE-2026-3459

WordPress

CVE-2026-1720

WordPress

CVE-2026-2599

WordPress

CVE-2026-1321

WordPress

CVE Details

CVE ID

CVE-2026-2446

Published Date

Mar 06, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 5.5th percentile (higher than 5.5% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice