CVE-2026-2446

10up · PowerPack for LearnDash

The PowerPack for LearnDash WordPress plugin before 1.3.0 lacks authorization and CSRF checks in an AJAX action, allowing unauthenticated users to create admin accounts.

Executive summary

A critical security flaw in the PowerPack for LearnDash plugin allows unauthenticated attackers to gain full administrative control of WordPress sites by manipulating AJAX actions.

Vulnerability

The plugin's AJAX implementation fails to perform necessary authorization and Cross-Site Request Forgery (CSRF) checks. This allows an unauthenticated attacker to update arbitrary WordPress options, such as the default user role, and create new administrative accounts without any legitimate credentials.
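To make the two missing checks concrete, here is an added illustration (not the plugin's own code) of the AJAX-handler pattern the advisory describes, followed by the hardened form a plugin developer would ship. The action name `example_save_setting`, the function names and the option names in the allow-list are assumptions; the WordPress functions (`check_ajax_referer`, `current_user_can`, `update_option`, `wp_send_json_*`) are real core APIs.

```php
<?php
// Added example, not code from PowerPack for LearnDash. Names are hypothetical.

// --- Pattern the advisory describes: no authorization, no CSRF check ---
// wp_ajax_nopriv_* exposes the handler to callers with no session at all,
// nothing verifies a nonce, nothing checks a capability, and the option
// name comes straight from the request, so any option is writable.
add_action( 'wp_ajax_nopriv_example_save_setting', 'example_save_setting_unsafe' );
add_action( 'wp_ajax_example_save_setting', 'example_save_setting_unsafe' );

function example_save_setting_unsafe() {
    $name  = sanitize_key( $_POST['option'] ?? '' );
    $value = wp_unslash( $_POST['value'] ?? '' );
    update_option( $name, $value );          // default_role, users_can_register, ... all reachable
    wp_send_json_success();
}

// --- Hardened form ---
// 1. Register only the logged-in hook; unauthenticated requests never reach it.
add_action( 'wp_ajax_example_save_setting', 'example_save_setting_safe' );

function example_save_setting_safe() {
    // 2. CSRF check: the request must carry a nonce minted for this action
    //    (wp_create_nonce( 'example_save_setting' ) on the admin page). On
    //    failure check_ajax_referer() terminates the request with HTTP 403.
    check_ajax_referer( 'example_save_setting', 'nonce' );

    // 3. Authorization: only users allowed to change site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Allow-list the options this endpoint may write; core options such as
    //    default_role are not on it, whatever the request asks for.
    $allowed = array( 'example_plugin_color', 'example_plugin_layout' );  // assumed names
    $name    = sanitize_key( $_POST['option'] ?? '' );
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name ) );
}
```

The three changes map one-to-one onto the advisory: dropping the `wp_ajax_nopriv_` hook and adding `current_user_can()` supplies the missing authorization, `check_ajax_referer()` supplies the missing CSRF check, and the allow-list removes the "arbitrary option" write even if either check is later bypassed.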

Business impact

This vulnerability carries a CVSS score of 9.8, indicating a near-maximal risk level. A successful exploit results in total site takeover, allowing attackers to steal user data, deface the website, or use the server for malicious activities, causing severe reputational and operational damage.

Remediation

Immediate Action: Update the PowerPack for LearnDash plugin to version 1.3.0 or higher. If an update is not possible, deactivate the plugin and remove it from the WordPress installation.

Proactive Monitoring: Audit the WordPress user list for any unauthorized administrative accounts and review the wp_options table for unexpected changes to the default_role or users_can_register settings.
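The audit above can be scripted so it is repeatable across sites. The following is an added example (not from the advisory or the plugin) meant to be run read-only as `wp eval-file ldpp-audit.php` through WP-CLI; it lists administrator accounts with their registration time, compares `default_role` and `users_can_register` against the values a site normally runs with, and checks the installed plugin version against 1.3.0. The script name, the 30-day window, the expected option values and matching the plugin by its display name are assumptions to adjust per site.

```php
<?php
// Added example, not the plugin's code. Run with: wp eval-file ldpp-audit.php
// Read-only: it only reads users, options and plugin headers.

$findings = array();

// 1. Administrator accounts, newest first. The 30-day window is an assumption;
//    widen it to cover the period the vulnerable version was installed.
$cutoff = time() - 30 * DAY_IN_SECONDS;
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );
WP_CLI::log( 'Administrator accounts:' );
foreach ( $admins as $u ) {
    $recent = strtotime( $u->user_registered ) > $cutoff;
    WP_CLI::log( sprintf( '  %-6d %-24s %-32s %s%s',
        $u->ID, $u->user_login, $u->user_email, $u->user_registered,
        $recent ? '  <-- registered in last 30 days' : '' ) );
    if ( $recent ) {
        $findings[] = "administrator '{$u->user_login}' registered recently, verify it is legitimate";
    }
}

// 2. The options the advisory names. Expected values are assumptions: a site
//    that intentionally allows sign-ups will have users_can_register = 1.
$expected = array(
    'default_role'       => 'subscriber',
    'users_can_register' => '0',
);
WP_CLI::log( 'Options:' );
foreach ( $expected as $opt => $want ) {
    $have = (string) get_option( $opt );
    WP_CLI::log( sprintf( '  %-20s = %s', $opt, $have ) );
    if ( $have !== $want ) {
        $findings[] = "$opt is '$have', expected '$want'";
    }
}

// 3. Installed plugin version versus the fixed release (1.3.0 per the advisory).
//    Matching on the display name is an assumption; adjust if the slug is known.
require_once ABSPATH . 'wp-admin/includes/plugin.php';
$found = false;
foreach ( get_plugins() as $file => $data ) {
    if ( stripos( $data['Name'], 'PowerPack for LearnDash' ) === false ) {
        continue;
    }
    $found = true;
    $state = is_plugin_active( $file ) ? 'active' : 'inactive';
    WP_CLI::log( sprintf( 'Plugin: %s %s (%s)', $data['Name'], $data['Version'], $state ) );
    if ( version_compare( $data['Version'], '1.3.0', '<' ) ) {
        $findings[] = "{$data['Name']} {$data['Version']} is below 1.3.0 ({$state})";
    }
}
if ( ! $found ) {
    WP_CLI::log( 'Plugin: PowerPack for LearnDash not installed' );
}

// 4. Summary; non-zero exit lets a fleet script collect the sites that need attention.
if ( $findings ) {
    foreach ( $findings as $f ) {
        WP_CLI::warning( $f );
    }
    WP_CLI::halt( 1 );
}
WP_CLI::success( 'no findings' );
```

An inactive but still-installed vulnerable copy is reported on purpose: the advisory's remediation calls for removal, not just deactivation, when the update cannot be applied.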

Compensating Controls: Use a WordPress-specific Web Application Firewall (WAF) to block suspicious AJAX requests to admin-ajax.php that attempt to modify core configuration settings.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The risk of total site compromise makes this a top-priority remediation item. Administrators must apply the version 1.3.0 update immediately and perform a thorough security audit of their WordPress environment to ensure no backdoors were established.