5.3

CVE-2024-35686

WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
Mögliche Gegenmaßnahme
Sensei LMS – Online Courses, Quizzes, & Learning: Update to version 4.24.0, or a newer patched version
Sensei Pro (WC Paid Courses): Update to version 4.24.0.1.24.0, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerautomattic
Produkt sensei_pro
Default Statusunaffected
Version <= 4.23.1.1.23.1
Version 0
Status affected
Herstellerautomattic
Produkt sensei_lms
Default Statusunaffected
Version <= 4.23.1
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Sensei LMS – Online Courses, Quizzes, & Learning
Version *-4.23.1
SystemWordPress Plugin
Produkt Sensei Pro (WC Paid Courses)
Version *-4.23.1.1.23.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.403
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/database/vulnerability/sensei-lms/wordpress-sensei-lms-plugin-4-23-1-broken-access-control-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/woothemes-sensei/wordpress-sensei-pro-wc-paid-courses-plugin-4-23-1-1-23-1-broken-access-control-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/593299e5-d9eb-4240-8413-c0fe5ab79d82
Third Party Advisory