Lucene search
WordfenceCVE-2024-1210HistoryFeb 05, 2024 - 10:16 p.m.
CVE-2024-1210
2024-02-0522:16:08
Wordfence
web.nvd.nist.gov
25
learndash
lms
wordpress
vulnerability
sensitive information exposure
api
cve-2024-1210
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.016
Percentile
87.5%
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.
Affected configurations
Node
learndashlearndashRange<4.10.2wordpress
CNA Affected
[
{
"vendor": "n/a",
"product": "LearnDash LMS",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "4.10.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API
2024-02-02 00:00:00
prion
prion
Design/Logic Flaw
2024-02-05 22:16:00
nvd
nvd
CVE-2024-1210
2024-02-05 22:16:08
cvelist
cvelist
CVE-2024-1210
2024-02-05 21:21:45
nuclei
nuclei
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
2024-02-20 18:03:58
LearnDash LMS < 4.10.2 - Sensitive Information Exposure
2024-02-20 18:12:36
wordfence
wordfence
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.016
Percentile
87.5%
Related for CVE-2024-1210