5.3

CVE-2024-1210

Exploit

LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API

LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.
Mögliche Gegenmaßnahme
LearnDash LMS: Update to version 4.10.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LearndashLearndash SwPlatformwordpress Version < 4.10.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt LearnDash LMS
Version *-4.10.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.learndash.com/release-notes/
Release Notes
https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89
Third Party Advisory