{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2446", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-02-13T08:32:25.403Z", "datePublished": "2026-03-06T06:00:03.502Z", "dateUpdated": "2026-03-06T17:46:09.631Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-06T06:00:03.502Z"}, "title": "Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "PowerPack for LearnDash", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "1.3.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users"}], "references": [{"url": "https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T17:45:44.753301Z", "id": "CVE-2026-2446", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:46:09.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2446", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T17:45:44.753301Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:46:04.660Z"}}], "cna": {"title": "Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "PowerPack for LearnDash", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-06T06:00:03.502Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2446", "state": "PUBLISHED", "dateUpdated": "2026-03-06T17:46:09.631Z", "dateReserved": "2026-02-13T08:32:25.403Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-06T06:00:03.502Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users"}, {"lang": "es", "value": "El plugin de WordPress PowerPack para LearnDash anterior a la versi\u00f3n 1.3.0 no tiene comprobaciones de autorizaci\u00f3n y CRSF en una acci\u00f3n AJAX, lo que permite a usuarios no autenticados actualizar opciones arbitrarias de WordPress (como default_role, etc.) y crear usuarios administradores arbitrarios."}], "id": "CVE-2026-2446", "lastModified": "2026-04-15T14:42:29.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-06T06:15:57.880", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "PowerPack for LearnDash", "source": "cna", "vendor": "Unknown"}, "product": "powerpack_for_learndash", "vendor": "powerpackelements"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-17T12:24:05.208704+00:00", "value": {"mitigation_remediation": ["Update PowerPack for LearnDash to version 1.3.0 or later.", "If an update is not immediately available, disable or uninstall the plugin until the patch is released.", "Implement a web application firewall rule to block unauthenticated requests to the plugin\u2019s AJAX endpoint, such as a mod_security rule or Cloudflare firewall rule."], "summary": {"action": "Immediate Patch", "impact": "Unauthenticated Arbitrary Option Update leading to privilege escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites running the PowerPack for LearnDash plugin older than 1.3.0 are affected; no other vendors or products are listed.", "description_and_impact": "The PowerPack for LearnDash plugin before version 1.3.0 has an AJAX action that performs no authorization or CSRF validation, allowing any user to modify any WordPress option or create new administrator accounts. This violates the principle of least privilege and can grant an attacker full control of the site. The flaw is an authorization failure (CWE-862).", "risk_and_exploitability": "The CVSS score of 9.8 classifies this as a critical vulnerability, while the EPSS score of less than 1% suggests low current exploitation probability. Nonetheless, the absence of authentication on the AJAX endpoint makes exploitation straightforward: a remote attacker can directly send a crafted request to update options or create admin users without possessing valid credentials. The vulnerability is not listed in the KEV catalog, indicating no reported public exploits as of the latest data."}}}}, "created": "2026-03-06T14:55:37.404020+00:00", "updated": "2026-04-17T12:30:06.264015+00:00", "vendors": ["powerpackelements", "powerpackelements$PRODUCT$powerpack_for_learndash", "wordpress", "wordpress$PRODUCT$wordpress"]}