Filtered by vendor Automattic
Subscriptions
Filtered by product Sensei Lms
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50875 | 1 Automattic | 1 Sensei Lms | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | ||||
| CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2024-11-21 | 4.3 Medium |
| The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student | ||||
| CVE-2022-2034 | 1 Automattic | 1 Sensei Lms | 2024-11-21 | 5.3 Medium |
| The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers | ||||
| CVE-2024-7786 | 1 Automattic | 1 Sensei Lms | 2024-10-07 | 7.5 High |
| The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. | ||||
| CVE-2024-35686 | 1 Automattic | 2 Sensei Lms, Sensei Pro | 2024-09-03 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1. | ||||
Page 1 of 1.