Automattic Sensei_lms

6 CVEs affecting Automattic Sensei_lms. Latest disclosed: 2025-05-15. Critical: 0, High: 0.

Top CVEs affecting Automattic Sensei_lms
CVESeverityScorePublishedSummary
CVE-2023-50875Medium6.52024-02-12Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learni…
CVE-2025-0466Medium5.32025-02-04The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and s…
CVE-2024-7786Medium5.32024-09-04The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
CVE-2022-2034Medium5.32022-08-29The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private…
CVE-2024-8009Medium4.32025-05-15The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page
CVE-2022-2080Medium4.32022-08-29The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any au…