The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1590237 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-08-29T14:40:26
Updated: 2023-07-04T08:29:52.463Z
Reserved: 2022-06-08T00:00:00
Link: CVE-2022-2034
NVD Information
Status: Modified
Published: 2022-08-29T18:15:09.027
Modified: 2023-11-07T03:46:10.347
Link: CVE-2022-2034
Redhat Information
No data.
CWE