Product
automattic sensei lms
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-8009
CVE-2025-0466
CVE-2024-7786
CVE-2023-50875
CVE-2022-2080
CVE-2022-2034
< 4.20.0
The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the stu
< 4.24.4
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attacke
< 4.24.2
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attack
<= 4.17.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS - Onli
< 4.5.2
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the ori
< 4.5.0
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenti