WordPress Plugin Vulnerabilities

Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API

Description

The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

Proof of Concept

Affects Plugins

Plugin icon
sensei-lms
Fixed in 4.5.0

References

CVE
CVE-2022-2034
URL
https://hackerone.com/reports/1590237
YouTube Video

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Veshraj Ghimire
Submitter
Veshraj Ghimire
Submitter website
https://veshrajghimire.com.np
Submitter twitter
GhimireVeshraj
Verified
Yes
WPVDB ID
aba3dd58-7a8e-4129-add5-4dd5972c0426

Timeline

Publicly Published
2022-08-04 (about 3 years ago)
Added
2022-08-04 (about 3 years ago)
Last Updated
2023-07-04 (about 2 years ago)

Other

Published
Title
Published
2021-10-11
Title
Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure
Published
2025-01-02
Title
WP Job Portal – A Complete Recruitment System for Company or Job Board website < 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Published
2025-05-08
Title
WPBookit < 1.0.3 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
Published
2024-11-12
Title
Boostify Header Footer Builder for Elementor < 1.3.7 - Authenticated (Contributor+) Post Disclosure
Published
2024-03-28
Title
ProfileGrid < 5.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference