Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0466

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.

Published

2025-02-04T06:15:30.160

Last Modified

2025-05-13T18:50:10.060

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	automattic	sensei_lms	< 4.24.4	Yes

References

https://wpscan.com/vulnerability/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f/ Exploit, Third Party Advisory ([email protected])