PT-2023-8520 · WordPress · Learndash Lms

Karl Emil Nikka

Published

2023-12-25

Updated

2024-02-13

CVE-2024-1208

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions LearnDash LMS plugin for WordPress versions up to, and including, 4.10.2

Description The issue is related to insufficient protection of sensitive data when handling the sfwd-question and ld-exam endpoints, allowing remote attackers to gain unauthorized access to protected information. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

Recommendations For versions up to, and including, 4.10.2, update to a version later than 4.10.2 to resolve the issue. As a temporary workaround, consider restricting access to the sfwd-question and ld-exam API endpoints until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2024-01088

BDU:2024-01089

CVE-2024-1208

Affected Products

Learndash Lms

PT-2023-8520 · WordPress · Learndash Lms

CVE-2024-1208

Weakness Enumeration

Related Identifiers

Affected Products

References · 12