CVE-2025-14802
CVE-2025-14802 affects LearnPress – WordPress LMS Plugin for Create and Sell Online Courses. The vulnerability is an insecure direct object reference via the REST DELETE endpoint /wp-json/lp/v1/material/{file_id}. The permission check uses item_id from the request body, while the endpoint consume...