Get Started

WordPress: REST API Information Disclosure in Sensei LMS plugin

by the Hossted team
04.02.2025

In Sensei LMS WordPress plugin versions 4.24.3 and prior a medium severity vulnerability CVE-2025-0466 was detected. This vulnerability allows attackers to leak `sensei_email` and `sensei_message` information due to improper protection of some REST API routes. To address this issue, users should upgrade Sensei LMS plugin to version 4.24.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0466.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR