795 matches found
CVE-2026-3225
The LearnPress – WordPress LMS Plugin is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in delete_question_answer() of the EditQuestionAjax class, affecting all versions up to and including 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verif...
CVE-2026-3225 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...
WordPress plugin LearnPress – WordPress LMS Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27250
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete question answer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch ...
EUVD-2026-12184
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
CVE-2026-1870
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Sepay Payment versions = 4.0.0...
CVE-2026-1870 Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
CVE-2026-1870 Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
CVE-2026-1870
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
CVE-2026-1870
The CVE-2026-1870 case concerns the WordPress plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor, affected up to version 1.3.7. The vulnerability arises from missing validation in the REST endpoint thim-ekit/archive-course/get-courses, allowing unauthenticated attackers t...
PT-2026-25505
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
CVE-2026-3226
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2026-3226 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2026-3226
The LearnPress plugin for WordPress (LearnPress – WordPress LMS Plugin) contains CVE-2026-3226: versions up to 4.3.2.8 allow unauthorized email notification triggering due to missing capability checks in the SendEmailAjax class. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonc...
CVE-2026-3226
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
EUVD-2026-11509
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2026-3226 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Email Notification Triggering vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin LearnPress versions = 4.3.2.8...
WordPress plugin LearnPress – WordPress LMS Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...