cleantalk
Vulnerabilities and Security Researches

Sensei LMS – Online Courses, Quizzes, & Learning, CVE-2022-2080

CVE, Research URL

CVE-2022-2080

Home page URL

Security reports for Sensei LMS – Online Courses, Quizzes, & Learning

Application

Sensei LMS – Online Courses, Quizzes, & Learning

Published on
Aug 29, 2022
Research Description
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
Affected versions
Min -, max 4.5.2.
Status
vulnerable
Previous vulnerability researches
Sensei LMS – Online Courses, Quizzes, & Learning (CVE-2023-50875) , Jun 06, 2024
Sensei LMS – Online Courses, Quizzes, & Learning (CVE-2022-2034) , Jun 06, 2024
Sensei LMS – Online Courses, Quizzes, & Learning (CVE-2022-2080) , Jun 06, 2024
Sensei LMS – Online Courses, Quizzes, & Learning (CVE-2025-22740) , Apr 01, 2025
Sensei LMS – Online Courses, Quizzes, & Learning (CVE-2024-35686) , Jun 11, 2024
New vulnerability
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025
AI Search Bar (CVE-2025-31563) , Apr 04, 2025
Ship Per Product (CVE-2025-31773) , Apr 04, 2025
ContentBot AI Writer (ChatGPT, GPT3, GPT4) (CVE-2025-31818) , Apr 04, 2025