What is CVE-2024-7786?

CVE-2024-7786 is a vulnerability in Sensei Lms, classified under CWE-862 MISSING AUTHORIZATION. Published 2024-09-04.

Is CVE-2024-7786 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sensei Lms

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.

EPSS: 0.705 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Sensei Lms — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
fkie-cad/nvd-json-data-feeds

References

wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-7786?: CVE-2024-7786 is a vulnerability in Sensei Lms, classified under CWE-862 MISSING AUTHORIZATION. Published 2024-09-04.
Is CVE-2024-7786 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.