Primary

Context

Sensei LMS WordPress Plugin Email Address Disclosure Vulnerability

Vulnerability

Patched

A vulnerability in the Sensei LMS WordPress plugin, affecting versions prior to 4.20.0, allows for the disclosure of all blog users and their email addresses to teachers on the students page. This issue arises from improper authorization, enabling unauthorized access to sensitive user information.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of user email addresses to teachers within the Sensei LMS environment.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.8

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.8

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sensei LMS WordPress Plugin Email Address Disclosure Vulnerability

Vulnerability

Impact

Affected Products

Sensei LMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating