CVE-2024-7786

Exploit

EPSS 65.5%
Veröffentlicht 04.09.2024 06:15:17
Zuletzt bearbeitet 07.10.2024 17:46:08
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.1 - Unauthenticated Email Template Disclosure

The Sensei LMS  WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.

Mögliche Gegenmaßnahme

Sensei LMS – Online Courses, Quizzes, & Learning: Update to version 4.24.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Sensei LMS – Online Courses, Quizzes, & Learning

Version * - 4.24.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Automattic ≫ Sensei Lms SwPlatformwordpress Version < 4.24.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	65.5%	0.984

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/1df16802-c102-4ff2-b8ff-8a588905d3f7

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7786

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7786

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7786

EUVD