Vulnerabilities and security researches forsensei-lms sensei-lms

Jun 06, 2024

CVE, Research URL: CVE-2023-50875
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Feb 12, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2034
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Aug 29, 2022
Research Description: The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2080
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Aug 29, 2022
Research Description: The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
Affected versions: Min -, max -.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: CVE-2024-35686
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Aug 19, 2024
Research Description: Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
Affected versions: Min -, max -.
Status: vulnerable

Sep 06, 2024

CVE, Research URL: CVE-2024-7786
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Sep 04, 2024
Research Description: The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
Affected versions: Min -, max -.
Status: vulnerable

Feb 06, 2025

CVE, Research URL: CVE-2025-0466
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Feb 04, 2025
Research Description: The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
Affected versions: Min -, max -.
Status: vulnerable

Apr 01, 2025

CVE, Research URL: CVE-2025-22740
Home page URL: Security reports for Sensei LMS – Online Courses, Quizzes, & Learning
Application: Sensei LMS – Online Courses, Quizzes, & Learning
Date: Mar 28, 2025
Research Description: Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4.
Affected versions: Min -, max -.
Status: vulnerable