CVE-2024-1208 Scanner
Detects 'Sensitive Information Exposure' vulnerability in LearnDash LMS affects v. < 4.10.3.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Url
Toolbox
-
LearnDash LMS, a WordPress plugin, is utilized by various educational institutions, instructors, and organizations for managing and delivering online learning content and assessments. This vulnerability checker focuses on detecting sensitive information exposure vulnerabilities present in LearnDash LMS versions up to 4.10.2, potentially impacting the confidentiality of quiz questions and assessment details accessible via the plugin's API.
The vulnerability detected in LearnDash LMS involves sensitive information exposure through its API, affecting versions up to 4.10.2. Due to inadequate access controls, unauthenticated attackers can access quiz questions and related details via the '/wp-json/wp/v2/sfwd-question' endpoint, compromising the confidentiality of assessment content and potentially exposing sensitive information.
The vulnerability manifests when unauthenticated attackers make GET requests to the '/wp-json/wp/v2/sfwd-question' endpoint of a WordPress site hosting LearnDash LMS. By analyzing JSON responses, attackers can obtain quiz question details, including question type and total points, which should only be accessible to authorized users. This exposure poses a risk of unauthorized access to sensitive assessment content.
Exploiting the sensitive information exposure vulnerability in LearnDash LMS may lead to unauthorized disclosure of quiz questions, assessment details, and other sensitive educational content. Malicious actors can access and potentially misuse quiz questions for academic dishonesty, compromise the integrity of assessments, and undermine the trust and effectiveness of online learning environments.
Safeguard your online learning platform from the risks associated with sensitive information exposure vulnerabilities by leveraging the comprehensive security scanning capabilities offered by the S4E platform. Join our platform to proactively identify and remediate vulnerabilities like CVE-2024-1208, ensuring the confidentiality and integrity of your educational content and protecting the trust of your learners.
References