Sensei LMS WordPress Plugin Unauthenticated Sensitive Data Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Sensei LMS WordPress plugin in versions prior to 4.24.4, where certain REST API routes are not adequately protected. This flaw allows unauthenticated attackers to access and leak sensitive information, specifically the 'sensei_email' and 'sensei_message' data.

Impact

Exploitation of this vulnerability leads to unauthorized access and disclosure of sensitive user information, including email addresses and message content, from the affected WordPress site.

Remediation

Users are advised to update the Sensei LMS WordPress plugin to version 4.24.4 or later.
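To confirm which installations still need the update, the following added example (not code from the plugin or from this advisory) reads the plugin's header "Version:" line and compares it numerically with 4.24.4. The plugin path wp-content/plugins/sensei-lms/sensei-lms.php and the function names are assumptions; the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (4, 24, 4)  # first fixed release named in the advisory
# Assumed default location of the plugin's main file (not stated in the advisory).
MAIN_FILE = "wp-content/plugins/sensei-lms/sensei-lms.php"
# WordPress takes the plugin version from a "Version:" line in the header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(header_text):
    """Return the version as a tuple of ints, or None if no usable header."""
    found = VERSION_RE.search(header_text)
    nums = re.match(r"\d+(?:\.\d+)*", found.group(1)) if found else None
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # "4.24" is compared as 4.24.0
    return tuple(parts)              # suffixes such as "-beta" are ignored


def classify(header_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one plugin header."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric, so 4.9.9 sorts before 4.24.4.
    return "vulnerable" if version < FIXED else "patched"


def audit(wp_roots, rel_path=MAIN_FILE):
    """Map each WordPress root directory to the plugin's status."""
    results = {}
    for root in wp_roots:
        main = Path(root) / rel_path
        if not main.is_file():
            results[str(root)] = "not installed"
            continue
        # WordPress only scans the first 8 KB of a file for header fields.
        results[str(root)] = classify(main.read_text(errors="replace")[:8192])
    return results


# Constructed sample header, for illustration only.
SAMPLE = "<?php\n/**\n * Plugin Name: Sensei LMS\n * Version: 4.24.3\n */\n"

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Call audit() with a list of WordPress root directories; an "unknown" result means the header could not be parsed and the installation should be checked by hand.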

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.