Home

Description

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page

PUBLISHED Reserved 2024-08-20 | Published 2025-05-15 | Updated 2025-11-13 | Assigner WPScan

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

Any version before 4.20.0
affected

Credits

Li Xuhang finder

WPScan coordinator

References

wpscan.com/...rability/737bb010-b2fa-4bf4-b124-5fbba67cf935/ exploit vdb-entry technical-description

cve.org (CVE-2024-8009)

nvd.nist.gov (CVE-2024-8009)

Download JSON