Lucene search
HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2034
sensei lms
wordpress
plugin
cve-2022-2034
security vulnerability
rest endpoint
unauthenticated access
private messages
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Affected configurations
Node
automatticsensei_lmsRange<4.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| automattic | sensei_lms | * | cpe:2.3:a:automattic:sensei_lms:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Sensei LMS",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.5.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]References
Social References
More
Related
wpexploit
wpexploit
cvelist
cvelist
nvd
nvd
CVE-2022-2034
2022-08-29 18:15:09
nuclei
nuclei
WordPress Sensei LMS <4.5.0 - Information Disclosure
2022-08-30 15:59:02
wpvulndb
wpvulndb
patchstack
patchstack
prion
prion
Design/Logic Flaw
2022-08-29 18:15:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
Related for CVE-2022-2034