Automattic Sensei_lms
6 CVEs affecting Automattic Sensei_lms. Latest disclosed: 2025-05-15. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-50875 | Medium | 6.5 | 2024-02-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learni… |
CVE-2025-0466 | Medium | 5.3 | 2025-02-04 | The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and s… |
CVE-2024-7786 | Medium | 5.3 | 2024-09-04 | The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. |
CVE-2022-2034 | Medium | 5.3 | 2022-08-29 | The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private… |
CVE-2024-8009 | Medium | 4.3 | 2025-05-15 | The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page |
CVE-2022-2080 | Medium | 4.3 | 2022-08-29 | The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any au… |