CVE-2024-1208
published 2024-02-05

Priority: P3 · 40 · medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 5.29% (91.5th percentile)

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
learndash | learndash | < 4.10.3 | 4.10.3
stellarwp | learndash_lms | <= 4.10.2 |

Detection & IOCs (extracted from sources)

url: /wp-json/wp/v2/sfwd-question
path: /wp-content/plugins/sfwd-lms
  • Unauthenticated HTTP GET to /wp-json/wp/v2/sfwd-question returning JSON with 'id', 'question_type', and 'points_total' fields indicates successful exploitation of CVE-2024-1208.
  • Response Content-Type header must be 'application/json' and HTTP status 200 to confirm the vulnerable API endpoint is exposed.
  • Presence of /wp-content/plugins/sfwd-lms in page HTML identifies LearnDash LMS installations that may be vulnerable; use Shodan, FOFA, PublicWWW, or Google dorks to enumerate targets.
  • CVE-2024-1208 affects LearnDash LMS up to and including version 4.10.2; the fix is present in 4.10.3. A closely related sibling CVE (CVE-2024-1210) covers versions up to 4.10.1 and exposes quiz listings via a different endpoint (/wp-json/ldlms/v1/sfwd-quiz); both share the same plugin path fingerprint.
  • The exploit requires no authentication (PR:N, UI:N); any unauthenticated HTTP GET to the vulnerable endpoint is sufficient; no special headers, cookies, or tokens are needed.
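
A defender-side check for the request pattern in the bullets above, added here as an example and not taken from the advisory or the plugin: it scans web server access logs for GET requests that returned 200 from the two REST routes named on this page, including WordPress's `?rest_route=` form of the same API. It assumes Combined Log Format; access logs do not record whether a request carried a session, so hits are leads for triage, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# REST routes named on this page: CVE-2024-1208 and its sibling CVE-2024-1210.
ROUTES = {"/wp/v2/sfwd-question": "CVE-2024-1208",
          "/ldlms/v1/sfwd-quiz": "CVE-2024-1210"}

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(path))
    if "/wp-json/" in path:  # also matches installs in a subdirectory
        return "/" + path.split("/wp-json/", 1)[1].rstrip("/")
    # Sites without pretty permalinks serve the same API via ?rest_route=/...
    route = parse_qs(query).get("rest_route")
    return route[0].rstrip("/") if route else None

def find_hits(lines):
    """Return (ip, timestamp, cve, target) for each GET answered 200 on a listed route."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        route = rest_route(m["target"])
        for prefix, cve in ROUTES.items():
            # Match the collection itself and single items beneath it.
            if route and (route == prefix or route.startswith(prefix + "/")):
                hits.append((m["ip"], m["ts"], cve, m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [05/Feb/2024:10:01:02 +0000] "GET /wp-json/wp/v2/sfwd-question?per_page=100 HTTP/1.1" 200 48211 "-" "curl/8.4.0"',
    '203.0.113.7 - - [05/Feb/2024:10:01:05 +0000] "GET /?rest_route=%2Fwp%2Fv2%2Fsfwd-question%2F12 HTTP/1.1" 200 912 "-" "curl/8.4.0"',
    '198.51.100.9 - - [05/Feb/2024:10:02:00 +0000] "GET /wp-json/ldlms/v1/sfwd-quiz HTTP/1.1" 200 3301 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Feb/2024:10:02:09 +0000] "GET /wp-json/wp/v2/sfwd-question HTTP/1.1" 401 120 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [05/Feb/2024:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(*hit)
```

A site patched to 4.10.3 or later should stop producing 200 responses for anonymous requests on these routes, so hits dated after the upgrade are worth a closer look.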