The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin usersCreditsKhaled Alenazi (Nxploited)WPScanReferenceshttps://wpscan.com/vulnerability/cbc95cea-e5d4-4874-add6-c8c728b683b7/
