Sensei LMS <= 4.4.3 is vulnerable to Unauthenticated Private Messages Disclosure via Rest API vulnerability

The Sensei LMS plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 4.4.3. This is due to missing permission checks on one of its REST endpoints and allows unauthenticated attackers to extract sensitive data including private messages sent to teachers.