CVE-2024-7786
published 2024-09-04CVE-2024-7786: The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
PriorityP181medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.64%
73.3th percentile
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | sensei_lms | < 4.24.2 | 4.24.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Follow-up unauthenticated GET to /wp-json/wp/v2/sensei_email/{id} confirms exploitation if the JSON response body contains 'sensei_email_preview_id={id}' and 'media?parent={id}' with Content-Type application/json and HTTP 200. ↗
- →Two-step exploitation flow: first enumerate the email template list endpoint to extract a template ID, then fetch the individual template by ID — both requests require no authentication. ↗
- →Presence of the plugin path '/wp-content/plugins/sensei-lms' in page body (via FOFA/PublicWWW) can be used to identify potentially vulnerable targets for mass scanning. ↗
- ·The vulnerability affects Sensei LMS versions strictly before 4.24.2; version 4.24.2 and later are patched. Detections should be scoped to installations running versions < 4.24.2. ↗
- ·The EPSS score is 0.70476 (98.692nd percentile), indicating very high likelihood of exploitation in the wild — prioritize detection and patching accordingly. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jwxp-gwr3-g9q3: The Sensei LMS WordPress plugin before 4
ghsa_unreviewed·2024-09-04
CVE-2024-7786 [HIGH] GHSA-jwxp-gwr3-g9q3: The Sensei LMS WordPress plugin before 4
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
VulnCheck
Sensei LMS Email Template Leak
vulncheck·2024·CVSS 5.3
CVE-2024-7786 [MEDIUM] Sensei LMS Email Template Leak
Sensei LMS Email Template Leak
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
Affected: automattic sensei_lms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/sensei-lms/vulnerability/wordpress-sensei-lms-plugin-4-24-2-unauthenticated-email-template-leak-vulnerability
No detection rules found.
Nuclei
Sensei LMS < 4.24.2 - Email Template Leak
nuclei·CVSS 5.3
CVE-2024-7786 [MEDIUM] Sensei LMS < 4.24.2 - Email Template Leak
Sensei LMS < 4.24.2 - Email Template Leak
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
Template:
id: CVE-2024-7786
info:
name: Sensei LMS < 4.24.2 - Email Template Leak
author: s4e-io
severity: high
description: |
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
impact: |
Unauthenticated attackers can access and leak email templates through unprotected REST API endpoints, potentially exposing sensitive information included in email communications and template configurations.
remediation: |
Update Sensei LMS plugin to version 4.24.2 or later to address the REST API pro
No writeups or analysis indexed.
2024-09-04
Published
Exploited in the wild