CVE-2024-8009

Summary

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page

Affected Software

VendorProductVersion RangeStatus
UnknownSensei LMS0 < 4.20.0affected

Weaknesses

  • CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References