cbcvebase.
CVE-2024-7786
published 2024-09-04

CVE-2024-7786: The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.

Priority: P1 · 81
Severity: medium 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ITW / EXPLOIT: VulnCheck KEV
Exploited in the wild
EPSS: 1.64% (73.3rd percentile)

Affected

1 range
Vendor     | Product    | Version range | Fixed in
automattic | sensei_lms | < 4.24.2      | 4.24.2

Detection & IOCs (extracted from sources)

url:  GET /index.php/wp-json/wp/v2/sensei_email/ HTTP/1.1
url:  GET /index.php/wp-json/wp/v2/sensei_email/{{template_id}} HTTP/1.1
path: /wp-content/plugins/sensei-lms
path: /wp-json/wp/v2/sensei_email/
  • Follow-up unauthenticated GET to /wp-json/wp/v2/sensei_email/{id} confirms exploitation if the JSON response body contains 'sensei_email_preview_id={id}' and 'media?parent={id}' with Content-Type application/json and HTTP 200.
  • Two-step exploitation flow: first enumerate the email template list endpoint to extract a template ID, then fetch the individual template by ID — both requests require no authentication.
  • Presence of the plugin path '/wp-content/plugins/sensei-lms' in page body (via FOFA/PublicWWW) can be used to identify potentially vulnerable targets for mass scanning.
  • The vulnerability affects Sensei LMS versions strictly before 4.24.2; version 4.24.2 and later are patched. Detections should be scoped to installations running versions < 4.24.2.
  • The EPSS score is 0.70476 (98.692nd percentile), indicating very high likelihood of exploitation in the wild — prioritize detection and patching accordingly.

CVSS provenance

nvd:       v3.1  5.3 MEDIUM  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck:       5.3 MEDIUM