CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

PT-2026-3534

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get item permissions check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and...

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...

CVE-2020-36232

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...

Design/Logic Flaw

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...