Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Sensei LMS – Online Courses, Quizzes, & Learning

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Sensei LMS – Online Courses, Quizzes, & Learning

Information

Software Type	Plugin
Software Slug	sensei-lms (view on wordpress.org)
Software Status	Active
Software Author	automattic
Software Website	senseilms.com
Software Downloads	718,672
Software Active Installs	10,000
Software Record Last Updated	April 11, 2025

7 Vulnerabilities

Submit a Vulnerability

Sensei LMS <= 4.24.4 - Missing Authorization

5.3

CVE-2025-22740

Mar 27, 2025

Researcher: David Ojeda Guijarro

Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure

5.3

CVE-2025-0466

Jan 14, 2025

Researcher: Li Xuhang

Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.1 - Unauthenticated Email Template Disclosure

5.3

CVE-2024-7786

Aug 14, 2024

Researcher: Sushmita Poudel

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

5.3

CVE-2024-35686

Jun 6, 2024

Researcher: Rafie Muhammad

Sensei LMS <= 4.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50875

Dec 22, 2023

Researcher: Rafie Muhammad

Sensei LMS <= 4.4.3 - Information Disclosure

5.3

CVE-2022-2034

Aug 4, 2022

Researcher: Veshraj Ghimire

Sensei LMS <= 4.5.1 - Missing Authorization

4.3

CVE-2022-2080

Aug 4, 2022

Researcher: Veshraj Ghimire

Title	Status	CVE ID	CVSS	Researchers	Date
Sensei LMS <= 4.24.4 - Missing Authorization	Patched	CVE-2025-22740	5.3	David Ojeda Guijarro	March 27, 2025
Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure	Patched	CVE-2025-0466	5.3	Li Xuhang	January 14, 2025
Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.1 - Unauthenticated Email Template Disclosure	Patched	CVE-2024-7786	5.3	Sushmita Poudel	August 14, 2024
Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization	Patched	CVE-2024-35686	5.3	Rafie Muhammad	June 6, 2024
Sensei LMS <= 4.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2023-50875	6.4	Rafie Muhammad	December 22, 2023
Sensei LMS <= 4.4.3 - Information Disclosure	Patched	CVE-2022-2034	5.3	Veshraj Ghimire	August 4, 2022
Sensei LMS <= 4.5.1 - Missing Authorization	Patched	CVE-2022-2080	4.3	Veshraj Ghimire	August 4, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Sensei LMS – Online Courses, Quizzes, & Learning

Information

7 Vulnerabilities

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting