Impact
The LearnPress WordPress LMS plugin suffers from an Insecure Direct Object Reference (IDOR) that allows authenticated users with Subscriber or higher privileges to view the course enrollment progress and completion data of any teacher or administrator. This disclosure bypasses the intended restriction on cross-subscriber data access and exposes sensitive instructor activity information. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key): the server accepts a caller-supplied user identifier without verifying that the caller is authorized to read the record it selects.
Affected Systems
All installations of the LearnPress LMS plugin version 4.3.9.1 and earlier are affected. The plugin is distributed by thimpress and is commonly used in WordPress sites that provide online courses.
Risk and Exploitability
The CVSS score of 6.5 (Medium) indicates a moderate risk of disclosure. No EPSS score is available, so there is no quantified probability of exploitation, and the vulnerability is not listed in CISA's KEV catalog. Attackers need to be authenticated and able to send requests to the REST API endpoint that accepts a "userId" parameter; no public exploit has been reported to date, but the impact on data confidentiality is significant for sites that handle instructor or admin information.
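To make the CWE-639 pattern described in the Impact and Risk sections concrete from the defender's side, here is an added example of how a WordPress REST route that takes a "userId" parameter should bind the authorization decision to the authenticated identity. This is illustrative code written for this page, not LearnPress code; the route namespace, path, function names and the empty progress payload are assumptions. The weak form this replaces is a permission_callback that only checks is_user_logged_in() and then honors whatever userId the caller supplied, which is exactly the missing check the advisory describes.

```php
<?php
// Added example, not LearnPress code. Namespace, path and function names are hypothetical.
// Goal: a caller may read progress only for their own user id, unless they are a site admin.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-lms/v1', '/progress/(?P<userId>\d+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_lms_get_progress',
        // The authorization decision lives in permission_callback, not in the callback body.
        'permission_callback' => 'example_lms_can_view_progress',
        'args'                => array(
            'userId' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

/**
 * CWE-639 mitigation: "userId" is a user-controlled key, so it must be compared
 * against the authenticated identity rather than trusted as-is.
 *
 * @param WP_REST_Request $request Incoming request.
 * @return true|WP_Error
 */
function example_lms_can_view_progress( WP_REST_Request $request ) {
    $current = get_current_user_id();
    if ( 0 === $current ) {
        // Not logged in at all: 401 rather than leaking whether the target exists.
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }

    $target = (int) $request->get_param( 'userId' );

    // Subscribers (and any other role) may read only their own record.
    if ( $target === $current ) {
        return true;
    }

    // Site administrators may read any user's record; adjust the capability to the
    // plugin's own role model if it defines a finer-grained one.
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }

    return new WP_Error( 'rest_forbidden', 'You may only view your own progress.', array( 'status' => 403 ) );
}

/**
 * Data callback. Only reached after example_lms_can_view_progress() returned true.
 */
function example_lms_get_progress( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'userId' );

    // Placeholder payload (constructed); a real plugin would query its enrollment tables here.
    $progress = array(
        'user_id' => $user_id,
        'courses' => array(),
    );

    return rest_ensure_response( $progress );
}
```

Two points worth noting for review of similar endpoints: the ownership comparison is done in permission_callback so that WordPress rejects the request before any data is loaded, and the privileged branch is gated on a capability check (current_user_can) rather than on a role name string, which is what the WordPress REST API expects and what survives custom role definitions. A quick audit heuristic for a site's own plugins is to grep for register_rest_route calls whose permission_callback is '__return_true' or a bare is_user_logged_in and then check whether the callback reads a caller-supplied user id.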
OpenCVE Enrichment