CVE-2025-22740 — Missing Authorization in Sensei LMS

CWE-862 — Missing Authorization3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 69.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Automattic Sensei LMS

Timeline

PublishedMar 27

Latest updateMar 28

Description

Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4.

Affected Packages1 packages

▶CVEListV5automattic/sensei_lms4.24.4

🔴Vulnerability Details

GHSA

GHSA-48q4-2p6c-rxg9: Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels↗2025-03-28

▶

CVEList

WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability↗2025-03-27

▶