WordPress Sensei LMS <4.5.0 - Information Disclosure

WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages. id: CVE-2022-2034 info: name: WordPress Sensei LMS 4.5.0 - Information Disclosure author:...

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

CVE-2024-34765

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

EUVD-2024-35445

Malicious code in bioql PyPI...

EUVD-2025-1694

Malicious code in bioql PyPI...

EUVD-2024-48866

Malicious code in bioql PyPI...

EUVD-2024-35035

Malicious code in bioql PyPI...

EUVD-2022-34370

Malicious code in bioql PyPI...

EUVD-2025-8532

Malicious code in bioql PyPI...

EUVD-2025-15249

Malicious code in bioql PyPI...

EUVD-2023-55608

Malicious code in bioql PyPI...

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...

CVE-2023-50875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0...

CVE-2022-2080

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

CVE-2022-2034

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers...

WordPress Sensei LMS plugin < 4.20.0 - Teacher+ Users Email Address Disclosure vulnerability

Teacher+ Users Email Address Disclosure vulnerability discovered by Li Xuhang in WordPress Plugin Sensei LMS versions 4.20.0...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...

CVE-2024-8009 Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page...