Lucene search
HistoryFeb 05, 2024 - 10:16 p.m.
CVE-2024-1210
wordpress
learndash lms
sensitive information exposure
api
vulnerability
quizzes
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0.016
Percentile
87.5%
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.
Affected configurations
Node
learndashlearndashRange<4.10.2wordpress
Related
wpvulndb
wpvulndb
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API
2024-02-02 00:00:00
prion
prion
Design/Logic Flaw
2024-02-05 22:16:00
cve
cve
CVE-2024-1210
2024-02-05 22:16:08
cvelist
cvelist
CVE-2024-1210
2024-02-05 21:21:45
nuclei
nuclei
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
2024-02-20 18:03:58
LearnDash LMS < 4.10.2 - Sensitive Information Exposure
2024-02-20 18:12:36
wordfence
wordfence
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0.016
Percentile
87.5%
Related for NVD:CVE-2024-1210