Monitor free

Report

New Known

Exploited

Fixed

WordPress Sensei LMS plugin <= 4.4.3 - Unauthenticated Private Messages Disclosure via Rest API vulnerability

5.3

CVSS 3.1 score Medium severity

Report

Monitoring Monitoring Known to be exploited Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Sensei LMS

Type

Plugin

Vulnerable versions

<= 4.4.3

Fixed in

4.5.0

PSID

6eb91edd9171

CVE ID

CVE-2022-2034

Classification

Sensitive Data Exposure

OWASP Top 10

A3: Sensitive Data Exposure

Required privilege

Can be exploited remotely without any authentication.

Credits

Veshraj Ghimire

Publicly disclosed

2022-08-04

Patchstack vPatch available since

09.12.2021

Details

Unauthenticated Private Messages Disclosure via Rest API vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin (versions <= 4.4.3).

Solution

Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0).

References