CVE-2025-0466

Medium CVSS: 5.3

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.

Vendor

Automattic

Product

Sensei Lms

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-02-04 06:15:30

Güncelleme

2025-09-30 18:16:39

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo Sensei Lms MEDIUM Automattic 2025

Referanslar

https://wpscan.com/vulnerability/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f/

Benzer Kayıtlar

Medium

CVE-2023-54332

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject ma…

Medium

CVE-2024-8009

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers…

Critical

CVE-2024-6584

The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.

Medium

CVE-2024-12743

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high pr…

Medium

CVE-2024-10075

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible t…

Medium

CVE-2024-10076

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelera…