CVE-2022-2034: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
First published: Mon Aug 29 2022(Updated: )
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Automattic Sensei Lms | <4.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Sensei LMS WordPress plugin vulnerability?
The vulnerability ID for this Sensei LMS WordPress plugin vulnerability is CVE-2022-2034.
What is the title of this vulnerability?
The title of this vulnerability is 'The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers'.
What is the severity of CVE-2022-2034?
CVE-2022-2034 has a severity of 5.3, which is considered medium.
How does CVE-2022-2034 affect the Sensei LMS WordPress plugin?
CVE-2022-2034 affects the Sensei LMS WordPress plugin version up to and excluding 4.5.0.
How can I fix CVE-2022-2034 in the Sensei LMS WordPress plugin?
To fix CVE-2022-2034 in the Sensei LMS WordPress plugin, update it to version 4.5.0 or higher.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/automattic
- canonical/automattic sensei lms