CVE-2024-1210 Scanner
CVE-2024-1210 scanner - Information Disclosure vulnerability in LearnDash LMS plufin for WordPress
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 2 days
Scan only one
URL
Toolbox
-
Vulnerability Overview
The LearnDash LMS plugin for WordPress, up to version 4.10.1, exposes sensitive information via an API endpoint. This vulnerability allows unauthenticated users to access quiz details, posing a risk of information leakage.
Vulnerability Details
The vulnerability is present in the /wp-json/ldlms/v1/sfwd-quiz API endpoint, which fails to properly restrict access to quiz information. This scanner probes the endpoint for typical quiz attributes, such as id and quiz_materials, to confirm the presence of this exposure.
Possible Effects
- Unauthorized access to quiz details.
- Potential exposure of quiz contents and materials.
- Risk of compromising quiz integrity and confidentiality.
Why Choose S4E
S4E offers a comprehensive platform to detect and mitigate vulnerabilities like the one in LearnDash LMS. Our advanced scanning tools and expert guidance help you:
- Stay ahead of potential security threats with timely detection.
- Receive actionable insights and recommendations for effective remediation.
- Ensure continuous protection through regular updates and monitoring.
