CVE-2022-2080

Published: Aug 29, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student

Affected (1)

Products: Automattic: Sensei Lms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Automattic Sensei Lms	Before 4.5.2

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://hackerone.com/reports/1592596

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5

Source: contact@wpscan.com

Third Party Advisory

https://hackerone.com/reports/1592596

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.