0.005 Low
EPSS
Percentile
76.6%
The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
https://example.com/wp-json/wp/v2/sensei-messages/<numericID>
hackerone.com/reports/1590237