CVE-2024-7786

MEDIUM EXPLOITED NUCLEI

Sensei LMS <4.24.2 - Info Disclosure

Title source: llm

Description

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.

Nuclei Templates (1)

Sensei LMS < 4.24.2 - Email Template Leak

HIGHVERIFIEDby s4e-io

FOFA: body="/wp-content/plugins/sensei-lms"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/

Scores

CVSS v3 5.3

EPSS 0.7048

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-09-04

Status published

Products (1)

automattic/sensei_lms < 4.24.2

Published Sep 04, 2024

Tracked Since Feb 18, 2026