First published: Mon Aug 29 2022
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set on one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Sensei LMS | <4.5.0 | Update to 4.5.0 or higher |
The vulnerability ID for this Sensei LMS WordPress plugin vulnerability is CVE-2022-2034.
CVE-2022-2034 has a severity of 5.3, which is considered medium.
CVE-2022-2034 affects Sensei LMS WordPress plugin versions up to, but excluding, 4.5.0.
To fix CVE-2022-2034 in the Sensei LMS WordPress plugin, update it to version 4.5.0 or higher.