LearnPress – WordPress LMS Plugin for Create and Sell Online Courses — Vulnerabilities & Security Advisories (32)

All 32 CVE vulnerabilities found in LearnPress – WordPress LMS Plugin for Create and Sell Online Courses, with AI-generated Chinese analysis, references, and POCs.

Vendor: thimpress

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion CWE-862 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion CWE-862 | 4.3 | Medium | 2026-03-23 |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering CWE-862 | 4.3 | Medium | 2026-03-12 |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API CWE-862 | 5.3 | Medium | 2026-01-20 |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion CWE-639 | 5.4 | Medium | 2026-01-07 |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification CWE-862 | 5.3 | Medium | 2026-01-06 |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure CWE-862 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-11368 | LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure CWE-200 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation CWE-862 | 6.5 | Medium | 2025-10-18 |
| CVE-2024-13599 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name CWE-79 | 6.4 | Medium | 2025-01-25 |
| CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API CWE-284 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' CWE-89 | 10.0 | Critical | 2024-09-12 |
| CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' CWE-89 | 10.0 | Critical | 2024-09-12 |
| CVE-2024-7548 | LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter CWE-89 | 8.8 | High | 2024-08-08 |
| CVE-2024-6589 | LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion CWE-98 | 8.8 | High | 2024-07-25 |
| CVE-2024-6099 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration CWE-420 | 5.3 | Medium | 2024-07-02 |
| CVE-2024-6088 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass CWE-862 | 5.3 | Medium | 2024-07-02 |
| CVE-2024-5483 | LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API CWE-200 | 5.3 | Medium | 2024-06-05 |
| CVE-2024-4971 | LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CWE-79 | 6.4 | Medium | 2024-05-22 |
| CVE-2024-4277 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter CWE-79 | 6.4 | Medium | 2024-05-10 |
| CVE-2024-4444 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration CWE-420 | 5.3 | Medium | 2024-05-10 |
| CVE-2024-4434 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection CWE-89 | 9.8 | Critical | 2024-05-10 |
| CVE-2024-4397 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload CWE-434 | 8.8 | High | 2024-05-09 |
| CVE-2024-3560 | LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 | 6.4 | Medium | 2024-04-19 |
| CVE-2024-1463 | LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting CWE-79 | 4.4 | Medium | 2024-04-09 |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference CWE-285 | 6.5 | Medium | 2024-04-09 |
| CVE-2024-2115 | LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation CWE-352 | 8.8 | High | 2024-04-05 |
| CVE-2023-6567 | LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by CWE-89 | 9.8 | Critical | 2024-01-11 |

All 32 known CVE vulnerabilities affecting LearnPress – WordPress LMS Plugin for Create and Sell Online Courses with full Chinese analysis, references, and POCs where available.