PT-2024-26634 · Automattic · Automattic Sensei Lms+1
Rafie Muhammad
·
Published
2024-08-18
·
Updated
2024-08-25
·
CVE-2024-35686
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Automattic Sensei LMS versions 4.23.1 and earlier
Automattic Sensei Pro (WC Paid Courses) versions 4.23.1 and earlier
Description
The issue is related to a Missing Authorization vulnerability in Automattic Sensei LMS and Automattic Sensei Pro (WC Paid Courses). This vulnerability could allow attackers to gain unauthorized access.
Recommendations
For Automattic Sensei LMS versions 4.23.1 and earlier, update to version 4.24.0.
For Automattic Sensei Pro (WC Paid Courses) versions 4.23.1 and earlier, update to version 4.24.0.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Automattic Sensei Lms
Automattic Sensei Pro