Security for everyone

CVE-2024-1210 Scanner

Detects 'Information Disclosure' vulnerability in LearnDash LMS plufin for WordPress affects v. before 4.10.2.

SCAN NOW

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Toolbox

-

Vulnerability Overview

The LearnDash LMS plugin for WordPress, up to version 4.10.1, exposes sensitive information via an API endpoint. This vulnerability allows unauthenticated users to access quiz details, posing a risk of information leakage.

Vulnerability Details

The vulnerability is present in the /wp-json/ldlms/v1/sfwd-quiz API endpoint, which fails to properly restrict access to quiz information. This scanner probes the endpoint for typical quiz attributes, such as id and quiz_materials, to confirm the presence of this exposure.

Possible Effects

  • Unauthorized access to quiz details.
  • Potential exposure of quiz contents and materials.
  • Risk of compromising quiz integrity and confidentiality.

Why Choose SecurityForEveryone

SecurityForEveryone offers a comprehensive platform to detect and mitigate vulnerabilities like the one in LearnDash LMS. Our advanced scanning tools and expert guidance help you:

  • Stay ahead of potential security threats with timely detection.
  • Receive actionable insights and recommendations for effective remediation.
  • Ensure continuous protection through regular updates and monitoring.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture