To plugin page

Fixed

WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability

4.3

CVSS 3.1 score Medium severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Sensei LMS

Type

Plugin

Vulnerable versions

<= 4.5.1

Fixed in

4.5.2

PSID

63a67b1bd2a3

CVE ID

CVE-2022-2080

Classification

Insecure Direct Object References (IDOR)

OWASP Top 10

A5: Broken Access Control

Required privilege

Requires low role user authentication.

Credits

Veshraj Ghimire

Publicly disclosed

2022-08-04

Details

Arbitrary Private Message Sending via IDOR vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin (versions <= 4.5.1).

Solution

Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.2).

References

Vulnerability details

Other known vulnerabilities for Sensei LMS

Unauthenticated Private Messages Disclosure via Rest API vulnerability

<= 4.4.3

5.3

04.08.2022

Submit vulnerabilities and become a verified Alliance member

Learn more

WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability

Details

Solution

References

Other known vulnerabilities for Sensei LMS

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability

Details

Solution

References

Other known vulnerabilities for Sensei LMS

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!