CVE-2022-2034

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-2034

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2034.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2034

Published

2022-08-29T18:15:09.027Z

Modified

2026-04-10T04:49:39.888971Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers

References

Affected packages

Git / github.com/automattic/sensei

Affected ranges

Type

GIT

Repo

https://github.com/automattic/sensei

Events

Introduced

Fixed

c36818fd533dfe16aadf7fa2653c57c3da3fc9cb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.5.0"
        }
    ]
}

Affected versions

v1.*

v1.4.0

version/1.*

version/1.0.11

version/1.0.9

version/1.1.0

version/1.1.1

version/1.1.2

version/1.10.0

version/1.10.0-beta

version/1.10.0-beta-1

version/1.10.0-beta-2

version/1.10.1

version/1.11.0

version/1.11.0-beta.1

version/1.11.0-beta.2

version/1.12.0

version/1.12.0-beta.1

version/1.12.0-beta.2

version/1.12.1

version/1.12.1-beta.1

version/1.12.2

version/1.12.2-beta.1

version/1.12.2-beta.2

version/1.2.0

version/1.2.1

version/1.2.2

version/1.2.3

version/1.3.0

version/1.3.1

version/1.3.2

version/1.3.3

version/1.3.4

version/1.3.5

version/1.4.0

version/1.4.1

version/1.4.2

version/1.4.3

version/1.4.4

version/1.4.5

version/1.4.7

version/1.4.8

version/1.4.9

version/1.5.0

version/1.5.1

version/1.5.2

version/1.5.3

version/1.5.4

version/1.6.0

version/1.6.1

version/1.6.2

version/1.6.3

version/1.6.4

version/1.6.5

version/1.6.6

version/1.6.7

version/1.6.8

version/1.6.9

version/1.7.0

version/1.7.1

version/1.7.2

version/1.7.3

version/1.7.4

version/1.7.5

version/1.7.6

version/1.7.7

version/1.8.0

version/1.8.1

version/1.8.2

version/1.8.3

version/1.8.4

version/1.8.5

version/1.8.6

version/1.8.6-1

version/1.9.10

version/1.9.10-2

version/1.9.11

version/1.9.12

version/1.9.12-beta

version/1.9.12-beta-2

version/1.9.13

version/1.9.13-2

version/1.9.13-beta

version/1.9.14

version/1.9.14-beta

version/1.9.15

version/1.9.15-beta

version/1.9.15-beta-2

version/1.9.15-beta-3

version/1.9.16

version/1.9.16-beta

version/1.9.17

version/1.9.17-beta

version/1.9.18

version/1.9.18-beta

version/1.9.19

version/1.9.20

version/1.9.20-1

version/1.9.20-beta

version/1.9.3

version/1.9.5

version/1.9.6

version/1.9.7

version/1.9.7-beta

version/1.9.8

version/1.9.8-beta

version/2.*

version/2.0.0

version/2.0.0-beta.3

version/2.0.1

version/2.0.1-beta.1

version/2.1.0

version/2.1.0-beta.1

version/2.1.1

version/2.1.2

version/2.2.0

version/2.2.0-beta.1

version/2.2.1

version/2.2.1-beta.1

version/2.3.0

version/2.3.0-beta.1

version/3.*

version/3.0.0

version/3.0.0-beta.1

version/3.0.0-beta.2

version/3.0.0-beta.3

version/3.0.0-beta.4

version/3.1.0

version/3.1.1

version/3.10.0

version/3.11.0

version/3.11.1

version/3.12.0

version/3.13.0

version/3.13.1

version/3.13.3

version/3.14.0

version/3.15.0

version/3.15.1

version/3.15.2

version/3.2.0

version/3.3.0

version/3.4.0-beta.1

version/3.5.0

version/3.6.0

version/3.6.0-beta.1

version/3.6.0-beta.2

version/3.6.1

version/3.7.0

version/3.7.0-beta.1

version/3.8.0-beta.1

version/3.8.1

version/3.9.0

version/3.9.0-beta.1

version/3.9.1

version/4.*

version/4.0.0

version/4.0.1

version/4.0.2

version/4.1.0

version/4.1.1

version/4.2.0

version/4.3.0

version/4.4.0

version/4.4.1

version/4.4.2

version/4.4.3

Other

wc-user-add-patch

wc-user-add-patch-2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2034.json"