CVE-2024-8009: Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure
7.5
CVSS
Description
The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page
Classification
CVE ID: CVE-2024-8009
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem Types
CWE-863 Incorrect AuthorizationAffected Products
Vendor: Unknown
Product: Sensei LMS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 16.34% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-8009https://wpscan.com/vulnerability/737bb010-b2fa-4bf4-b124-5fbba67cf935/