| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.1 | 2026-04-14 01:25:00 | Deep Dive |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2026-04-08 03:36:08 | Deep Dive |
| CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability | ThimPress | LearnPress – Sepay Payment | 中危 | - | 2026-03-25 16:14:37 | Deep Dive |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-23 22:25:41 | Deep Dive |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-12 02:22:37 | Deep Dive |
| CVE-2026-1787 | LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion | thimpress | LearnPress – Backup & Migration Tool | Medium | 4.8 | 2026-02-21 10:37:17 | Deep Dive |
| CVE-2026-24361 | WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability | ThimPress | LearnPress – Course Review | - | - | 2026-01-22 16:52:44 | Deep Dive |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-20 03:25:18 | Deep Dive |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.4 | 2026-01-07 07:17:33 | Deep Dive |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-06 08:21:49 | Deep Dive |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability | ThimPress | LearnPress | High | 7.5 | 2025-12-18 07:22:17 | Deep Dive |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2025-12-16 04:31:35 | Deep Dive |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2025-12-15 15:30:55 | Deep Dive |
| CVE-2025-67536 | WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability | ThimPress | LearnPress | - | - | 2025-12-09 14:14:04 | Deep Dive |
| CVE-2025-11368 | LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2025-11-21 05:32:05 | Deep Dive |
| CVE-2025-60200 | WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability | ThimPress | LearnPress Export Import | High | 7.5 | 2025-11-06 15:55:00 | Deep Dive |
| CVE-2025-49992 | WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability | ThimPress | LearnPress Export Import | - | - | 2025-10-22 14:32:22 | Deep Dive |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.5 | 2025-10-18 06:42:49 | Deep Dive |
| CVE-2024-13127 | LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS | Unknown | LearnPress | - | - | 2025-05-15 20:06:59 | Deep Dive |
| CVE-2024-13128 | LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS | Unknown | LearnPress | - | - | 2025-05-15 20:06:59 | Deep Dive |