Every CVE whose affected-product data names Automattic Sensei Lms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-50875 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online…
CVE-2022-2034 — CVSS 5.3 (medium): The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated…
CVE-2024-7786 — CVSS 5.3 (medium): The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to…
CVE-2025-0466 — CVSS 5.3 (medium): The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to…
CVE-2022-2080 — CVSS 4.3 (medium): The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original…
CVE-2024-8009 — CVSS 4.3 (medium): The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page