PT-2022-14843 · WordPress · Sensei Lms
Name of the Vulnerable Software and Affected Versions: Sensei LMS WordPress plugin versions prior to 4.5.2 Description: The issue allows any authenticated user to send messages to arbitrary private conversations via an IDOR attack, as the plugin does not ensure that the sender of a private messag...