WordPress Sensei LMS <4.5.0 - Information Disclosure

WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages. id: CVE-2022-2034 info: name: WordPress Sensei LMS 4.5.0 - Information Disclosure author:...

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

EUVD-2025-1694

Malicious code in bioql PyPI...

EUVD-2025-8532

Malicious code in bioql PyPI...

EUVD-2023-55608

Malicious code in bioql PyPI...

EUVD-2024-35445

Malicious code in bioql PyPI...

EUVD-2025-15249

Malicious code in bioql PyPI...

EUVD-2022-34370

Malicious code in bioql PyPI...

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...

CVE-2023-50875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0...

CVE-2022-2080

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

WordPress Sensei LMS plugin < 4.20.0 - Teacher+ Users Email Address Disclosure vulnerability

Teacher+ Users Email Address Disclosure vulnerability discovered by Li Xuhang in WordPress Plugin Sensei LMS versions 4.20.0...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009 Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009 Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009

The CVE-2024-8009 entry concerns the WordPress Sensei LMS plugin, specifically versions prior to 4.20.0. According to the connected sources, the vulnerability causes disclosure of all blog users, including email addresses, to teachers on the students page. The root cause and exact code path are n...

PT-2025-21506 · WordPress · Sensei Lms

Name of the Vulnerable Software and Affected Versions: The Sensei LMS WordPress plugin versions prior to 4.20.0 Description: The issue allows disclosure of all users of the blog, including their email addresses, to teachers on the students page. Recommendations: For versions prior to 4.20.0, upda...

WordPress plugin Sensei LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...