5.3
CVE-2022-2034
- EPSS 33.75%
- Veröffentlicht 29.08.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
Sensei LMS <= 4.4.3 - Information Disclosure
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Mögliche Gegenmaßnahme
Sensei LMS – Online Courses, Quizzes, & Learning: Update to version 4.5.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Automattic ≫ Sensei Lms SwPlatformwordpress Version < 4.5.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Sensei LMS – Online Courses, Quizzes, & Learning
Version
*-4.4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 33.75% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.