Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

LearnPress — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in LearnPress, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known security vulnerabilities associated with LearnPress, a popular WordPress plugin used for creating online courses and learning management systems. It aggregates Common Weakness Enumerations (CWE) and Common Vulnerabilities and Exposures (CVE) data to provide a centralized view of security flaws affecting this specific product ecosystem. The database collects vulnerability records spanning from the plugin’s initial releases through recent updates, ensuring comprehensive coverage of historical and current security issues. Here, researchers and administrators can track vendor advisories to stay informed about patches and remediation steps released by the development team. Users can also gain a deeper understanding of specific weakness classes, such as cross-site scripting or SQL injection, by examining how they manifest within the LearnPress codebase. Furthermore, this resource allows for a detailed look into a product’s vulnerability history, enabling users to assess the long-term security posture and responsiveness of the maintainers. By analyzing these aggregated data points, stakeholders can identify trends, prioritize updates, and mitigate risks more effectively. This page serves as a factual reference for security professionals evaluating the integrity of their WordPress environments that rely on LearnPress for educational content delivery. It does not offer remediation services but provides the raw data necessary for informed decision-making regarding plugin updates and security audits. The information presented is sourced from public vulnerability databases and official vendor announcements to ensure accuracy and reliability for all users seeking to secure their digital learning platforms.

Vendor: ThimPress

CVE IDTitleCVSSSeverityPublished
CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API --2026-06-17
CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2026-06-01
CVE-2025-66054 WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability CWE-862 7.5 High2025-12-18
CVE-2025-67536 WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2025-12-09
CVE-2024-13127 LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS 4.8AIMediumAI2025-05-15
CVE-2024-13128 LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS 4.8AIMediumAI2025-05-15
CVE-2025-22739 WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability CWE-862 5.3 Medium2025-03-27
CVE-2025-24740 WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability CWE-601 4.7 Medium2025-01-27
CVE-2024-9881 LearnPress < 4.2.7.2 - Admin+ Stored XSS 4.8 -2024-12-12
CVE-2024-10010 LearnPress < 4.2.7.2 - Admin+ Stored XSS 4.8 -2024-12-12
CVE-2024-39641 WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2024-08-26
CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability CWE-639 6.5 Medium2024-08-13
CVE-2023-36515 WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability CWE-862 7.3 High2024-06-19
CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability CWE-862 7.6 High2024-06-19
CVE-2023-5558 LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting 6.1 -2024-01-16
CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming 4.3 -2022-02-28
CVE-2021-39348 LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting CWE-80 5.5 Medium2021-10-21
CVE-2018-16173 WordPress LearnPress 跨站脚本漏洞 6.1 -2019-01-09
CVE-2018-16175 WordPress LearnPress SQL注入漏洞 7.2 -2019-01-09
CVE-2018-16174 WordPress LearnPress 安全漏洞 6.1 -2019-01-09

All 20 known CVE vulnerabilities affecting LearnPress with full Chinese analysis, references, and POCs where available.