id: CVE-2024-1208 info: name: LearnDash LMS < 4.10.3 - Sensitive Information Exposure author: ritikchaddha severity: medium description: | The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. impact: | Unauthenticated attackers can access the LearnDash API to obtain quiz questions, answer options, and point values, compromising the integrity of course assessments. remediation: Fixed in 4.10.3 reference: - https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210 - https://nvd.nist.gov/vuln/detail/CVE-2024-1208 - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-1208 epss-score: 0.83531 epss-percentile: 0.99303 cpe: cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: learndash product: learndash framework: wordpress shodan-query: http.html:/wp-content/plugins/sfwd-lms fofa-query: body=/wp-content/plugins/sfwd-lms publicwww-query: "/wp-content/plugins/sfwd-lms" google-query: inurl:"/wp-content/plugins/sfwd-lms" tags: cve,cve2024,wp,wp-plugin,wordpress,exposure,learndash,vuln http: - method: GET path: - "{{BaseURL}}/wp-json/wp/v2/sfwd-question" matchers-condition: and matchers: - type: word part: body words: - '"id":' - '"question_type":' - '"points_total":' condition: and - type: word part: header words: - 'application/json' - type: status status: - 200 # digest: 4b0a00483046022100891829a04770d0d85e99a86b45fde66c0a534acd96a6aa68b602377a559cce220221008cd70ce12b5cdd7c08045f3adbb7505e9e103009d07428851c1b55deafa5d632:922c64590222798bb761d5b6d8e72950