PT-2025-3902 · WordPress · Sensei LMS

Li Xuhang · Published 2025-02-04 · Updated 2025-09-30 · CVE-2025-0466

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sensei LMS WordPress plugin versions prior to 4.24.4

Description

Some REST API routes in the Sensei LMS WordPress plugin are inadequately protected, allowing unauthenticated attackers to leak information related to sensei email and sensei message.

Recommendations

For Sensei LMS WordPress plugin versions prior to 4.24.4, update to version 4.24.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST API routes until a patch is applied.

Related Identifiers

CVE-2025-0466

Affected Products

Sensei LMS