Sensei LMS
by Automattic
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50875 | | Med | 0.42 | 6.5 | 0.00 | | Feb 12, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. |
| CVE-2025-22740 | | Med | 0.34 | 5.3 | 0.00 | | Mar 27, 2025 | Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sensei LMS: from n/a through <= 4.24.4. |
| CVE-2024-35686 | | Med | 0.27 | 5.3 | 0.01 | | Aug 18, 2024 | Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses). This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1. |
| CVE-2024-8009 | | | 0.00 | — | 0.00 | | May 15, 2025 | The Sensei LMS WordPress plugin before 4.20.0 discloses all users of the blog, including their email address, to teachers on the students page. |
| CVE-2025-0466 | | | 0.00 | — | 0.00 | | Feb 4, 2025 | The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information. |