Lucene search

WPScanVULNRICHMENT:CVE-2024-7786

HistorySep 04, 2024 - 6:00 a.m.

CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak

2024-09-0406:00:04

WPScan

github.com

sensei lms

wordpress

plugin

vulnerability

email templates

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

22.2%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:automattic:sensei_lms:*:*:*:*:*:*:*:*"
    ],
    "vendor": "automattic",
    "product": "sensei_lms",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.24.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/