Total: 2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2022-08-31 | N/A | 4.3 MEDIUM | The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student. |
CVE-2022-2034 | 1 Automattic | 1 Sensei Lms | 2022-08-31 | N/A | 5.3 MEDIUM | The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. |