CVE-2024-34765

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

EUVD-2024-35035

Malicious code in bioql PyPI...

EUVD-2024-35445

Malicious code in bioql PyPI...

PT-2024-26634 · Automattic · Automattic Sensei Pro +1

Name of the Vulnerable Software and Affected Versions: Automattic Sensei LMS versions 4.23.1 and earlier Automattic Sensei Pro WC Paid Courses versions 4.23.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Automattic Sensei LMS and Automattic Sensei Pro ...

Sensei Pro (WC Paid Courses) < 4.24.0.1.24.0 - Authenticated (Student+) Stored Cross-Site Scripting

Description The Sensei Pro WC Paid Courses plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.23.1.1.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Student-level acces...

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and . 4.24.0.1.24.0 respectively. This makes it possible...

CVE-2024-34765

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

CVE-2024-34765

CVE-2024-34765 is a Stored XSS in Sensei Pro (WC Paid Courses) for Sensei LMS, affecting Sensei Pro: from n/a through 4.23.1.1.23.1. Red Hat’s advisory reiterates the same description. The initial data indicates this requires updating Sensei Pro to a fixed version (4.23.1.1.23.1) to mitigate the ...

CVE-2024-34765 WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

CVE-2024-34765 WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

WordPress plugin Sensei Pro (WC Paid Courses) Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Sensei Pro WC Paid Courses versions = 4.23.1.1.23.1...

WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Sensei Pro WC Paid Courses versions = 4.23.1.1.23.1...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Broken Access Control

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5a225c011e38 Credits...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...