CVE-2022-2080

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student

El plugin Sensei LMS de WordPress versiones anteriores a 4.5.2, no asegura que el remitente de un mensaje privado sea el profesor o el remitente original, permitiendo que cualquier usuario autenticado envíe mensajes a una conversación privada arbitraria por medio de un ataque IDOR. Nota: Los atacantes no pueden visualizar las respuestas/mensajes entre el profesor y el alumno

The Sensei LMS plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 4.5.1. This is because the plugin does not properly authenticate individuals before they send emails through the system. This makes it possible for attackers to send emails to arbitrary users and impersonate other individuals.

*Credits: Veshraj Ghimire

CVSS Scores

NISTv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-14 CVE Reserved
2022-08-04 CVE Published
2024-03-21 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-639: Authorization Bypass Through User-Controlled Key
CWE-862: Missing Authorization

CAPEC

References (2)

URL	Tag	Source
https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5	Third Party Advisory

URL	Date	SRC
https://hackerone.com/reports/1592596	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Automattic Search vendor "Automattic"		Sensei Lms Search vendor "Automattic" for product "Sensei Lms"				< 4.5.2 Search vendor "Automattic" for product "Sensei Lms" and version " < 4.5.2"		wordpress		Affected