5.3

CVE-2025-0466

Exploit

Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure

Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
Mögliche Gegenmaßnahme
Sensei LMS – Online Courses, Quizzes, & Learning: Update to version 4.24.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutomatticSensei Lms SwPlatformwordpress Version < 4.24.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Sensei LMS – Online Courses, Quizzes, & Learning
Version *-4.24.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.306
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://wpscan.com/vulnerability/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f/
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/4559a3e5-e4f3-44b3-826e-acdf3bf5c8ae
Third Party Advisory