3 matches found
CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...
CVE-2022-2080
The CVE-2022-2080 affects the Sensei LMS WordPress plugin (pre-4.5.2). The vulnerability arises from an IDOR flaw that allows any authenticated user to send messages to arbitrary private conversations by asserting the sender is the teacher or original sender, potentially exposing private interact...
CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...