WordPress Sensei LMS plugin <= 4.4.3 - Unauthenticated Private Messages Disclosure via REST API vulnerability
PSID
6eb91edd9171
Classification
Sensitive Data Exposure
OWASP Top 10
A3: Sensitive Data Exposure
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-08-04
Patchstack vPatch available since
09.12.2021
Details
An unauthenticated private messages disclosure vulnerability via the REST API was discovered by Veshraj Ghimire in the WordPress Sensei LMS plugin (versions <= 4.4.3).
Solution
Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0).