Li Xuhang

Name of the Vulnerable Software and Affected Versions: The Sensei LMS WordPress plugin versions prior to 4.20.0 Description: The issue allows disclosure of all users of the blog, including their email addresses, to teachers on the students page. Recommendations: For versions prior to 4.20.0, update to version 4.20.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sensei LMS WordPress plugin versions prior to 4.24.4 **Description** The issue concerns the inadequate protection of some REST API routes in the Sensei LMS WordPress plugin, allowing unauthenticated attackers to leak information related to `sensei email` and `sensei message`. **Recommendations** For Sensei LMS WordPress plugin versions prior to 4.24.4, update to version 4.24.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST API routes until a patch is applied.