1 results (0.002 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7786 – Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak
https://notcve.org/view.php?id=CVE-2024-7786
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. The Sensei LMS – Online Courses, Quizzes, & Learning plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.24.1 via the /v2/sensei_email/ REST API endpoint due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from email templates. • https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •