CVE-2024-1208

Name of the Vulnerable Software and Affected Versions LearnDash LMS plugin for WordPress versions up to, and including, 4.10.2

Description The issue is related to insufficient protection of sensitive data when handling the sfwd-question and ld-exam endpoints, allowing remote attackers to gain unauthorized access to protected information. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

Recommendations For versions up to, and including, 4.10.2, update to a version later than 4.10.2 to resolve the issue. As a temporary workaround, consider restricting access to the sfwd-question and ld-exam API endpoints until a patch is available.