CVE-2024-1210 Scanner

Vulnerability Overview

The LearnDash LMS plugin for WordPress, up to version 4.10.1, exposes sensitive information via an API endpoint. This vulnerability allows unauthenticated users to access quiz details, posing a risk of information leakage.

Vulnerability Details

The vulnerability is present in the /wp-json/ldlms/v1/sfwd-quiz API endpoint, which fails to properly restrict access to quiz information. This scanner probes the endpoint for typical quiz attributes, such as id and quiz_materials, to confirm the presence of this exposure.

Possible Effects

• Unauthorized access to quiz details.
• Potential exposure of quiz contents and materials.
• Risk of compromising quiz integrity and confidentiality.

Why Choose S4E

S4E offers a comprehensive platform to detect and mitigate vulnerabilities like the one in LearnDash LMS. Our advanced scanning tools and expert guidance help you:

• Stay ahead of potential security threats with timely detection.
• Receive actionable insights and recommendations for effective remediation.
• Ensure continuous protection through regular updates and monitoring.

References

• LearnDash LMS Vulnerability - WPScan
• CVE Details - NVD