Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2034

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

Published

2022-08-29T18:15:09.027

Last Modified

2024-11-21T07:00:12.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	automattic	sensei_lms	< 4.5.0	Yes

References

https://hackerone.com/reports/1590237 Exploit, Third Party Advisory ([email protected])
https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426 Exploit, Third Party Advisory ([email protected])
https://hackerone.com/reports/1590237 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)