EPSS
Percentile
76.6%
The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
https://example.com/wp-json/wp/v2/sensei-messages/
hackerone.com/reports/1590237