cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7786,https://securityvulnerability.io/vulnerability/CVE-2024-7786,Unauthenticated Email Template Leak Vulnerability in Sensei LMS WordPress Plugin,"The Sensei LMS WordPress plugin, prior to version 4.24.2, features improper access controls in certain REST API routes. This vulnerability enables unauthenticated attackers to gain access to sensitive email templates, potentially leading to information exposure. Proper security measures and updates are essential to safeguard against this type of unauthorized access, ensuring the integrity and confidentiality of user data.",Wordpress,Sensei Lms,5.3,MEDIUM,0.002749999985098839,false,,false,false,true,true,false,false,2024-09-04T06:00:04.429Z,0
CVE-2022-2080,https://securityvulnerability.io/vulnerability/CVE-2022-2080,Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR,"The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student",Wordpress,"Sensei Lms – Online Courses, Quizzes, & Learning",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-29T14:40:27.000Z,0
CVE-2022-2034,https://securityvulnerability.io/vulnerability/CVE-2022-2034,Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API,"The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers",Wordpress,Sensei Lms,5.3,MEDIUM,0.00482999999076128,false,,false,false,false,,false,false,2022-08-29T14:40:26.000Z,0