Description
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and last names. Other information, such as social profile links and enrollment data, is also exposed.
Published: 2026-01-20
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Sensitive Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability in LearnPress – WordPress LMS Plugin allows an attacker without authentication to query a REST API endpoint, enabling extraction of user personal details such as first and last names, social profile links, and enrollment data. This is a classic case of missing authorization, classified under CWE-862, where the get_item_permissions_check function does not enforce sufficient access controls. The exposed data can compromise user privacy and may aid in further attacks or profiling.

Affected Systems

The LearnPress – WordPress LMS Plugin for WordPress, versions up to and including 4.3.2.4, is affected. Users running any of these releases on WordPress sites are potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 places this flaw in the medium severity range, and the EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in CISA's KEV catalog, so no active exploitation is known. Because the REST API endpoint is reachable over the network without credentials, the flaw is simple to trigger. Given these factors, the risk is moderate but not negligible, and remediation should be prioritized.

Generated by OpenCVE AI on April 21, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the LearnPress plugin to a version newer than 4.3.2.4, which removes the unauthenticated access to the REST endpoint.
  • If an immediate update is not possible, disable the LP REST Users v1 controller API endpoint or restrict it with a plugin or firewall rule that blocks unauthenticated REST calls to that route.
  • Configure site-wide access controls for REST API endpoints to ensure only authenticated users can access user data, using WordPress role capabilities or a security plugin.

Generated by OpenCVE AI on April 21, 2026 at 23:55 UTC.
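As an added illustration of the second and third recommended actions (example code, not OpenCVE's or LearnPress's own): a WordPress must-use plugin that rejects unauthenticated requests to a REST route prefix through core's rest_authentication_errors filter. The prefix /lp/v1/users and the function names are assumptions; the advisory does not state the endpoint's path.

```php
<?php
/**
 * Plugin Name: Require login for LearnPress user REST routes (interim mitigation example)
 *
 * Place in wp-content/mu-plugins/ so it loads unconditionally. The route prefix below is
 * an assumed placeholder: the advisory names the "LP REST Users v1 controller" but not its
 * path, so confirm the real route (the index at /wp-json/ lists namespaces) before use.
 */

// Route prefixes, as they appear in WordPress's "rest_route" query var, to protect.
const LP_MITIGATION_PROTECTED_ROUTES = array( '/lp/v1/users' ); // assumed placeholder

/**
 * Returns true when the requested REST route falls under a protected prefix.
 */
function lp_mitigation_route_is_protected( $route ) {
    $route = '/' . ltrim( (string) $route, '/' );
    foreach ( LP_MITIGATION_PROTECTED_ROUTES as $prefix ) {
        if ( 0 === strpos( $route, $prefix ) ) {
            return true;
        }
    }
    return false;
}

/**
 * rest_authentication_errors callback: reject unauthenticated calls to protected routes.
 * Priority 101 runs after core's cookie/nonce check (priority 100), so a session cookie
 * sent without a valid REST nonce has already been downgraded to "not logged in".
 */
function lp_mitigation_require_login( $result ) {
    // Leave an authentication error raised by another handler untouched.
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? $GLOBALS['wp']->query_vars['rest_route']
        : '';
    if ( lp_mitigation_route_is_protected( $route ) && ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            'You must be logged in to access this resource.',
            array( 'status' => rest_authorization_required_code() ) // 401 for anonymous callers
        );
    }
    return $result;
}
add_filter( 'rest_authentication_errors', 'lp_mitigation_require_login', 101 );
```

Logged-in users of any role can still reach the route, so this only closes the unauthenticated path the advisory describes and is not a substitute for updating the plugin.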

Tracking


Advisories

No advisories yet.

History

Tue, 20 Jan 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Thimpress, Thimpress learnpress, Wordpress, Wordpress wordpress
Type: Vendors & Products
Values Added: Thimpress, Thimpress learnpress, Wordpress, Wordpress wordpress

Tue, 20 Jan 2026 04:00:00 +0000

Type: Description
Values Added: The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and last names. Other information such as social profile links and enrollment are also included.
Type: Title
Values Added: LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API
Type: Weaknesses
Values Added: CWE-862
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:59:58.470Z

Reserved: 2025-12-16T19:24:38.118Z

Link: CVE-2025-14798

Vulnrichment

Updated: 2026-01-20T20:28:35.990Z

NVD

Status: Deferred

Published: 2026-01-20T04:15:57.667

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14798

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T00:00:03Z

Weaknesses