CVE-2024-1209

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.

Published: Feb 5, 2024
Updated: Feb 15, 2024
CVE: CVE-2024-1209
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
learndash / learndash	-	4.10.3

https://github.com/karlemilnikka/CVE-2024-1209
https://www.learndash.com/release-notes/
https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve

Vulnerability Database

290,020

CVE-2024-1209