VYPR

Sensei Lms

by Automattic

Source repositories

CVEs (5)

  • CVE-2023-50875MedFeb 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.

  • CVE-2025-22740MedMar 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4.

  • CVE-2024-35686MedAug 18, 2024
    risk 0.27cvss 5.3epss 0.01

    Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.

  • CVE-2024-8009May 15, 2025
    risk 0.00cvss epss 0.00

    The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page

  • CVE-2025-0466Feb 4, 2025
    risk 0.00cvss epss 0.00

    The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.