Enhancement: cves/2022/CVE-2022-2034.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-07 11:34:44 -04:00
parent 6086965c61
commit b71cc484c2
1 changed files with 4 additions and 2 deletions

@ -1,11 +1,11 @@
id: CVE-2022-2034
info:
name: Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure
name: WordPress Sensei LMS <4.5.0 - Information Disclosure
author: imhunterand
severity: medium
description: |
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages.
reference:
- https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
- https://hackerone.com/reports/1590237
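Review bot: The replacement `description` and `name` lines lose the access precondition that the old text stated. The old wording said "unauthenticated users" and "private messages sent to teachers", while the new wording says only "an attacker" and "private messages". For a missing-permission bug on a REST endpoint, whether authentication is required is what triage and the `severity: medium` rating depend on. Suggest keeping the qualifier, for example "which can allow an unauthenticated attacker to access private messages sent to teachers", and keeping "Unauthenticated" in the name alongside the new "WordPress Sensei LMS <4.5.0" prefix.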
@ -46,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/04/07
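Review bot: The trailing comment `# Enhanced by md on 2023/04/07` at the end of the file duplicates what the commit already records (author and date) and will go stale on the next edit. Suggest dropping it and relying on the history. Separately, the context lines above it show only a `status: 200` matcher. If the part of the `requests` block outside this hunk does not pair it with a matcher on the response body, a 200 alone will flag patched or unrelated sites, so it is worth confirming before merge.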