Note:
This project will be discontinued after December 13, 2021.
Product: Sensei_lms (Automattic)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 4 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-29 | CVE-2022-2080 | The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student. | Sensei_lms | 4.3 | ||
2022-08-29 | CVE-2022-2034 | The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. | Sensei_lms | 5.3 | ||
2024-02-12 | CVE-2023-50875 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | Sensei_lms | 5.4 | ||
2024-09-04 | CVE-2024-7786 | The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates. | Sensei_lms | 5.3 | ||