exploitDog

GHSA-h8qw-944w-6vhw

Опубликовано: 29 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

Ссылки

EPSS

Процентиль: 97%

0.33749

Средний

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639

CWE-862

Связанные уязвимости

CVE-2022-2034

CVSS3: 5.3

nvd

больше 3 лет назад

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

EPSS

Процентиль: 97%

0.33749

Средний

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639

CWE-862