Published: 05/02/2024 Updated: 14/02/2024

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated malicious users to obtain those uploads.

Vulnerable Product	Search on Vulmon	Subscribe to Product
learndash learndash

Sensitive Information Exposure via API in LearnDash.

CVE-2024-1208 and CVE-2024-1210 Sensitive Information Exposure via API in LearnDash Unauthenticated visitors can browse the quizzes and quiz questions without being enrolled in a connected course Vulnerability: CVE-2024-1208 and CVE-2024-1210 Sensitive Information Exposure via API CVSS: 53 (Medium) Software: LearnDash (sfwd-lms) Affected versions: <= 4102 Patched v

Sensitive Information Exposure via assignments in LearnDash.

CVE-2024-1209 Sensitive Information Exposure via assignments in LearnDash Unauthenticated visitors can browse and download uploaded assignments Vulnerability: CVE-2024-1209 Sensitive Information Exposure via assignments CVSS: 53 (Medium) Software: LearnDash (sfwd-lms) Affected versions: <= 4101 Patched version: 4102 (partially), 4103 (fully) Developer: LearnDas

NVD-CWE-noinfo https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve https://www.learndash.com/release-notes/https://github.com/karlemilnikka/CVE-2024-1209 https://nvd.nist.gov https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210

CVE-2024-1209

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect