S4E

CVE-2024-1208 Scanner

Detects 'Sensitive Information Exposure' vulnerability in LearnDash LMS affects v. < 4.10.3.

SCAN NOW

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

1 month

Scan only one

Url

Toolbox

-

LearnDash LMS, a WordPress plugin, is utilized by various educational institutions, instructors, and organizations for managing and delivering online learning content and assessments. This vulnerability checker focuses on detecting sensitive information exposure vulnerabilities present in LearnDash LMS versions up to 4.10.2, potentially impacting the confidentiality of quiz questions and assessment details accessible via the plugin's API.

The vulnerability detected in LearnDash LMS involves sensitive information exposure through its API, affecting versions up to 4.10.2. Due to inadequate access controls, unauthenticated attackers can access quiz questions and related details via the '/wp-json/wp/v2/sfwd-question' endpoint, compromising the confidentiality of assessment content and potentially exposing sensitive information.

The vulnerability manifests when unauthenticated attackers make GET requests to the '/wp-json/wp/v2/sfwd-question' endpoint of a WordPress site hosting LearnDash LMS. By analyzing JSON responses, attackers can obtain quiz question details, including question type and total points, which should only be accessible to authorized users. This exposure poses a risk of unauthorized access to sensitive assessment content.

Exploiting the sensitive information exposure vulnerability in LearnDash LMS may lead to unauthorized disclosure of quiz questions, assessment details, and other sensitive educational content. Malicious actors can access and potentially misuse quiz questions for academic dishonesty, compromise the integrity of assessments, and undermine the trust and effectiveness of online learning environments.

Safeguard your online learning platform from the risks associated with sensitive information exposure vulnerabilities by leveraging the comprehensive security scanning capabilities offered by the S4E platform. Join our platform to proactively identify and remediate vulnerabilities like CVE-2024-1208, ensuring the confidentiality and integrity of your educational content and protecting the trust of your learners.

 

References

Get started to protecting your Free Full Security Scan