CVE-2024-35686Missing Authorization in Sensei LMS

CWE-862Missing Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 77.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Automattic Sensei LMSAutomattic Sensei PRO
Timeline
PublishedAug 18
Latest updateAug 19

Description

Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5automattic/sensei_lmsn/a4.23.1
CVEListV5automattic/sensei_pron/a4.23.1.1.23.1

🔴Vulnerability Details

2
GHSA
GHSA-9m8g-pqxr-x264: Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses)2024-08-19
CVEList
WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability2024-08-18
CVE-2024-35686 — Missing Authorization in Sensei LMS | cvebase