LearnPress — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in LearnPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: ThimPress

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-66054	WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability CWE-862	7.5	High	2025-12-18
CVE-2025-67536	WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability CWE-79	5.4^AI	Medium^AI	2025-12-09
CVE-2024-13127	LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS	4.8^AI	Medium^AI	2025-05-15
CVE-2024-13128	LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS	4.8^AI	Medium^AI	2025-05-15
CVE-2025-22739	WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability CWE-862	5.3	Medium	2025-03-27
CVE-2025-24740	WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability CWE-601	4.7	Medium	2025-01-27
CVE-2024-9881	LearnPress < 4.2.7.2 - Admin+ Stored XSS	4.8	-	2024-12-12
CVE-2024-10010	LearnPress < 4.2.7.2 - Admin+ Stored XSS	4.8	-	2024-12-12
CVE-2024-39641	WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability CWE-352	4.3	Medium	2024-08-26
CVE-2024-39642	WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability CWE-639	6.5	Medium	2024-08-13
CVE-2023-36515	WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability CWE-862	7.3	High	2024-06-19
CVE-2023-36516	WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability CWE-862	7.6	High	2024-06-19
CVE-2023-5558	LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting	6.1	-	2024-01-16
CVE-2022-0377	LearnPress < 4.1.5 - Arbitrary Image Renaming	4.3	-	2022-02-28
CVE-2021-39348	LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting CWE-80	5.5	Medium	2021-10-21
CVE-2018-16173	WordPress LearnPress 跨站脚本漏洞	6.1	-	2019-01-09
CVE-2018-16175	WordPress LearnPress SQL注入漏洞	7.2	-	2019-01-09
CVE-2018-16174	WordPress LearnPress 安全漏洞	6.1	-	2019-01-09

All 18 known CVE vulnerabilities affecting LearnPress with full Chinese analysis, references, and POCs where available.