{"id":"CVE-2022-2034","details":"The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set on one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers.","modified":"2026-04-10T04:49:39.888971Z","published":"2022-08-29T18:15:09.027Z","references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/1590237"},{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/automattic/sensei","events":[{"introduced":"0"},{"fixed":"c36818fd533dfe16aadf7fa2653c57c3da3fc9cb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.5.0"}]}}],"versions":["v1.4.0","version/1.0.11","version/1.0.9","version/1.1.0","version/1.1.1","version/1.1.2","version/1.10.0","version/1.10.0-beta","version/1.10.0-beta-1","version/1.10.0-beta-2","version/1.10.1","version/1.11.0","version/1.11.0-beta.1","version/1.11.0-beta.2","version/1.12.0","version/1.12.0-beta.1","version/1.12.0-beta.2","version/1.12.1","version/1.12.1-beta.1","version/1.12.2","version/1.12.2-beta.1","version/1.12.2-beta.2","version/1.2.0","version/1.2.1","version/1.2.2","version/1.2.3","version/1.3.0","version/1.3.1","version/1.3.2","version/1.3.3","version/1.3.4","version/1.3.5","version/1.4.0","version/1.4.1","version/1.4.2","version/1.4.3","version/1.4.4","version/1.4.5","version/1.4.7","version/1.4.8","version/1.4.9","version/1.5.0","version/1.5.1","version/1.5.2","version/1.5.3","version/1.5.4","version/1.6.0","version/1.6.1","version/1.6.2","version/1.6.3","version/1.6.4","version/1.6.5","version/1.6.6","version/1.6.7","version/1.6.8","version/1.6.9","version/1.7.0","version/1.7.1","version/1.7.2","version/1.7.3","version/1.7.4","version/1.7.5","version/1.7.6","version/1.7.7","version/1.8.0","version/1.8.1","version/1.8.2","version/1.8.3","version/1.8.4","version/1.8.5","version/1.8.6","version/1.8.6-1","version/1.9.10","version/1.9.10-2","
version/1.9.11","version/1.9.12","version/1.9.12-beta","version/1.9.12-beta-2","version/1.9.13","version/1.9.13-2","version/1.9.13-beta","version/1.9.14","version/1.9.14-beta","version/1.9.15","version/1.9.15-beta","version/1.9.15-beta-2","version/1.9.15-beta-3","version/1.9.16","version/1.9.16-beta","version/1.9.17","version/1.9.17-beta","version/1.9.18","version/1.9.18-beta","version/1.9.19","version/1.9.20","version/1.9.20-1","version/1.9.20-beta","version/1.9.3","version/1.9.5","version/1.9.6","version/1.9.7","version/1.9.7-beta","version/1.9.8","version/1.9.8-beta","version/2.0.0","version/2.0.0-beta.3","version/2.0.1","version/2.0.1-beta.1","version/2.1.0","version/2.1.0-beta.1","version/2.1.1","version/2.1.2","version/2.2.0","version/2.2.0-beta.1","version/2.2.1","version/2.2.1-beta.1","version/2.3.0","version/2.3.0-beta.1","version/3.0.0","version/3.0.0-beta.1","version/3.0.0-beta.2","version/3.0.0-beta.3","version/3.0.0-beta.4","version/3.1.0","version/3.1.1","version/3.10.0","version/3.11.0","version/3.11.1","version/3.12.0","version/3.13.0","version/3.13.1","version/3.13.3","version/3.14.0","version/3.15.0","version/3.15.1","version/3.15.2","version/3.2.0","version/3.3.0","version/3.4.0-beta.1","version/3.5.0","version/3.6.0","version/3.6.0-beta.1","version/3.6.0-beta.2","version/3.6.1","version/3.7.0","version/3.7.0-beta.1","version/3.8.0-beta.1","version/3.8.1","version/3.9.0","version/3.9.0-beta.1","version/3.9.1","version/4.0.0","version/4.0.1","version/4.0.2","version/4.1.0","version/4.1.1","version/4.2.0","version/4.3.0","version/4.4.0","version/4.4.1","version/4.4.2","version/4.4.3","wc-user-add-patch","wc-user-add-patch-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}