CVE-2025-0466: Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure

Description

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.

Classification

CVE ID: CVE-2025-0466

Affected Products

Vendor: Unknown

Product: Sensei LMS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-05 (when this score was calculated)

References

https://wpscan.com/vulnerability/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f/

Timeline