CVE-2025-66054

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.9.4...

EUVD-2025-204053

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-67536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-67536

CVE-2025-67536 is a Stored XSS in LearnPress (WordPress LMS Plugin) affecting LearnPress versions up to and including 4.2.9.4. The vulnerability is due to improper input neutralization during web page generation, enabling stored cross-site scripting. The issue is reflected across multiple sources...

EUVD-2025-198382

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...