CVE-2024-56940

7.5 HIGH

📋 TL;DR

A vulnerability in LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) by uploading an excessive number of files through the profile image upload function. This affects all LearnDash installations running the vulnerable version. The attack can disrupt service availability for legitimate users.

💻 Affected Systems

Products:
  • LearnDash
Versions: v6.7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with profile image upload functionality enabled, which is typically enabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability for all users, requiring manual intervention to restore functionality and potentially causing extended downtime.

🟠 Likely Case

Temporary service degradation or unavailability during attack periods, impacting user experience and potentially causing data loss for in-progress activities.

🟢 If Mitigated

Minimal impact with proper rate limiting and file upload controls in place, potentially causing only minor performance degradation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to upload files to the profile image function, which typically requires user authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LearnDash v6.7.2 or later

Vendor Advisory: https://www.learndash.com/

Restart Required: No

Instructions:

1. Backup your WordPress site and database.
2. Update the LearnDash plugin through the WordPress admin panel.
3. Verify the update to v6.7.2 or later.
4. Test profile image upload functionality.

🔧 Temporary Workarounds

Disable profile image uploads (applies to: all)

Temporarily disable the profile image upload functionality to prevent exploitation.

Implement rate limiting (applies to: all)

Add server-side rate limiting for file upload requests.

🧯 If You Can't Patch

  • Implement strict file upload limits (size, count, frequency) at web server level
  • Monitor for abnormal upload patterns and block suspicious IP addresses

🔍 How to Verify

Check if Vulnerable:

Check LearnDash plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

wp plugin list --name=learndash --field=version

Verify Fix Applied:

Confirm LearnDash version is 6.7.2 or higher and test profile image upload with monitoring for resource exhaustion

📡 Detection & Monitoring

Log Indicators:

  • Unusually high frequency of file upload requests
  • Multiple failed upload attempts from same user/IP
  • Server resource exhaustion warnings

Network Indicators:

  • Spike in POST requests to profile image upload endpoints
  • Abnormal traffic patterns from single IP addresses

SIEM Query:

source="web_server" method="POST" AND (uri="*/wp-content/plugins/sfwd-lms/*upload*" OR uri="*/wp-admin/admin-ajax.php*action=upload*") | stats count by src_ip

The two uri clauses are parenthesized so that the grouping does not depend on the SIEM's operator precedence; without the parentheses some engines would match the second uri pattern for any HTTP method.
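The log and network indicators above can be checked offline against a web-server access log. The following script is an added example and is not part of this advisory or of LearnDash: it parses combined-format (Apache/Nginx) access log lines, counts POST requests to the upload endpoints with a per-IP sliding window, and reports any source IP that exceeds a threshold inside that window. The log lines are constructed, the upload URI patterns are taken from the advisory's SIEM query rather than from verified LearnDash routes, and the `action=upload` query string is a placeholder for whatever the real AJAX action name is.

```python
"""Flag source IPs that burst profile-image upload POSTs in an access log.

Added example for the detection indicators in this advisory; not LearnDash code.
Log lines are constructed, and the upload URI patterns are assumptions mirrored
from the advisory's SIEM query.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "combined" log format: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Upload endpoints to watch. These mirror the wildcard patterns in the advisory's
# SIEM query; the exact LearnDash route / AJAX action name is an assumption.
UPLOAD_URI_RE = re.compile(
    r'/wp-content/plugins/sfwd-lms/.*upload|/wp-admin/admin-ajax\.php\?.*action=upload'
)


def parse_line(line):
    """Return (ip, datetime, method, uri) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("uri")


def is_upload_request(method, uri):
    """Only POSTs to the profile-image upload paths count toward a burst."""
    return method == "POST" and UPLOAD_URI_RE.search(uri) is not None


def find_upload_bursts(lines, window_seconds=60, threshold=10):
    """Sliding-window count of upload POSTs per source IP.

    Returns {ip: peak_count} for every IP that issued at least `threshold`
    upload requests inside any `window_seconds` span. Lines are assumed to be
    in chronological order per IP (as an access log is); unparseable lines are
    skipped rather than aborting the scan.
    """
    recent = defaultdict(deque)  # ip -> timestamps of upload POSTs still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, uri = parsed
        if not is_upload_request(method, uri):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that have aged out of the window
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def _line(ip, second, method, uri, status=200):
    """Build one constructed combined-format line at 12:MM:SS UTC on a fixed day."""
    return (f'{ip} - - [10/Jan/2025:12:{second // 60:02d}:{second % 60:02d} +0000] '
            f'"{method} {uri} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


# Placeholder upload URI: the advisory's wildcard, not a verified LearnDash action.
UPLOAD_URI = "/wp-admin/admin-ajax.php?action=upload"

# Constructed sample log: one bursting client, one normal client, unrelated traffic.
SAMPLE_LOG = (
    [_line("203.0.113.10", 2 * i, "POST", UPLOAD_URI) for i in range(15)]   # 15 uploads in 28 s
    + [_line("198.51.100.7", 120 * i, "POST", UPLOAD_URI) for i in range(3)]  # 3 uploads over 4 min
    + [_line("192.0.2.44", 5, "GET", "/courses/"),
       _line("192.0.2.44", 6, "POST", "/wp-login.php", 302),
       "garbage line that does not parse"]
)

if __name__ == "__main__":
    print(find_upload_bursts(SAMPLE_LOG))  # {'203.0.113.10': 15}
```

Tune `window_seconds` and `threshold` to the site's normal upload rate before acting on the output; a flagged IP is a candidate for the IP-level blocking suggested under "If You Can't Patch", not proof of an attack on its own (shared NAT egress addresses will look bursty too).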
