WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin LearnPress versions = 4.3.6...

EUVD-2026-20045

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...

WordPress LearnPress plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin LearnPress versions = 4.3.3...

VulnCheck KEV: CVE-2024-11868

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

CVE-2026-24361

CVE-2026-24361 is a Stored XSS in the WordPress plugin LearnPress – Course Review, affected versions 4.1.9) or apply vendor-provided fixes. If upgrading, verify the plugin is updated to a version where the XSS is addressed. Other connected advisories corroborate the same vulnerability descriptio...

WordPress LearnPress – WordPress LMS Plugin plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification vulnerability

Missing Authentication to Unauthenticated Course Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions = 4.3.2...

CVE-2025-66054 WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-14387

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVE-2025-67536 WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-67536

CVE-2025-67536 is a Stored XSS in LearnPress (WordPress LMS Plugin) affecting LearnPress versions up to and including 4.2.9.4. The vulnerability is due to improper input neutralization during web page generation, enabling stored cross-site scripting. The issue is reflected across multiple sources...

WordPress Plugin LearnPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

WordPress LearnPress plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability

Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin LearnPress versions = 4.2.9.4...

CVE-2025-49992

The CVE-2025-49992 entry documents a Reflected XSS in the LearnPress Export Import (ThimPress LearnPress Export Import) WordPress plugin. Affected component: the learnpress-import-export module; affected versions are listed as through 4.0.9 (and Patchstack notes 4.1.0 as a fix). Root cause: impro...

WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LearnPress Export Import versions = 4.1.2...

WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by David Ojeda Guijarro Patchstack Alliance in WordPress Plugin LearnPress versions = 4.2.7.5...

WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin LearnPress versions = 4.2.7.1...

WordPress LearnPress plugin < 4.2.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin LearnPress versions 4.2.7.2...

WordPress LearnPress plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' vulnerability

Unauthenticated SQL Injection via 'conlyfields' vulnerability discovered by abrahack in WordPress Plugin LearnPress versions = 4.2.7...

WordPress LearnPress plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' vulnerability

Unauthenticated SQL Injection via 'cfields' vulnerability discovered by abrahack in WordPress Plugin LearnPress versions = 4.2.7...

WordPress LearnPress plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability

Authenticated Contributor+ SQL Injection via order Parameter vulnerability discovered by Lucio Sá in WordPress Plugin LearnPress versions = 4.2.6.9.3...