WordPress LearnPress plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin LearnPress versions = 4.3.3...

VulnCheck KEV: CVE-2024-11868

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

VulnCheck KEV: CVE-2025-11368

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

CVE-2026-25002

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

CVE-2026-1870

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...

EUVD-2026-15610

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress Sepay Payment: from n/a through = 4.0.0...

CVE-2026-25002

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

CVE-2026-25002 WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

CVE-2026-25002 WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress Sepay Payment: from n/a through = 4.0.0...

CVE-2026-25002

CVE-2026-25002 affects LearnPress – Sepay Payment (LearnPress plugin) with versions

CVE-2026-25002

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

WordPress plugin LearnPress – Sepay Payment 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27880

Name of the Vulnerable Software and Affected Versions LearnPress – Sepay Payment versions n/a through 4.0.0 Description An authentication bypass issue exists in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment, allowing for authentication abuse through the use of an alternate path or...

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Quiz Answer Deletion vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin LearnPress versions = 4.3.2.8...

EUVD-2026-14610

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

CVE-2026-3225 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...