CVE-2022-2034
N/A
N/A
Summary
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Sensei LMS | 0 < 4.5.0 | affected |
Weaknesses
- CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
References
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.