Exploit for WordPress Sensei LMS <4.5.0 - Information Disclosure (CVE-2022-2034)

Description:

The WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not set proper permissions on a REST endpoint, which can allow an attacker to access private messages.

Nuclei Template

View the template here: CVE-2022-2034.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-2034.yaml

References:

https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
https://hackerone.com/reports/1590237
https://wordpress.org/plugins/sensei-lms/advanced/
https://nvd.nist.gov/vuln/detail/CVE-2022-2034
https://github.com/ARPSyndicate/kenzer-templates