CVE-2026-7565 - Vulnerability Details

- LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter

Description

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Published: 2026-06-06

Score: 4.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The LearnPress – Backup & Migration Tool plugin for WordPress contains a directory traversal flaw in the 'import-user-file' parameter that allows authenticated users with administrator or higher privileges to read arbitrary files on the server. This flaw enables the disclosure of sensitive data such as configuration files, credentials, or other private documents, thereby compromising the confidentiality of the system. The weakness is a classic Path Traversal error (CWE‑22).

Affected Systems

All installations of the thimpress LearnPress – Backup & Migration Tool plugin with version 4.1.4 or earlier are affected. Administrators who have access to the import functionality can exploit the vulnerability.

Risk and Exploitability

The CVSS score of 4.9 indicates a moderate impact when an attacker has the necessary admin-level credentials. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, which suggests that widespread exploitation may not yet be observed. Attackers would need to be authenticated and possess appropriate permissions to reach the import functionality, making this a privileged exploitation scenario.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

thimpress

LearnPress – Backup & Migration Tool

unaffected

Version	Status	Constraints
`0`	affected	≤ 4.1.4

No data.

Vendor Product Confidence Versions

Thimpress

Learnpress – Backup & Migration Tool

100%

Version	Status	Scheme	Platform
`[0,4.1.4]`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade LearnPress Backup & Migration Tool to the latest version that removes the path traversal flaw.
If an upgrade is not immediately possible, restrict access to the ‘import-user-file’ function by disabling it or limiting it to non‑privileged roles.
Configure the server or PHP environment to enforce file access restrictions such as open_basedir or other directory traversal mitigations to prevent the flaw from being usable.

Generated by OpenCVE AI on June 6, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00212.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190
https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150
https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3546889%40learnpress-import-export&new=3546889%40learnpress-import-export&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f6d0ba7-f9e8-493b-9e6d-62f1c662e21e?source=cve

History

Sat, 06 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 06 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Thimpress Thimpress learnpress – Backup & Migration Tool Wordpress Wordpress wordpress
Vendors & Products		Thimpress Thimpress learnpress – Backup & Migration Tool Wordpress Wordpress wordpress

Sat, 06 Jun 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Title		LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter
Weaknesses		CWE-22
References		https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150 https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190 https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150 https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190 https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/admin/providers/learnpress/class-lp-import-user-data.php#L150 https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/admin/providers/learnpress/class-lp-import-user-data.php#L190 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3546889%40learnpress-import-export&new=3546889%40learnpress-import-export&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/0f6d0ba7-f9e8-493b-9e6d-62f1c662e21e?source=cve
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Thimpress Learnpress – Backup & Migration Tool

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-06-06T02:28:34.591Z

Updated: 2026-06-06T11:43:45.670Z

Reserved: 2026-04-30T20:25:12.316Z

Link: CVE-2026-7565

Vulnrichment

Updated: 2026-06-06T11:43:40.475Z

NVD

Status : Received

Published: 2026-06-06T04:17:35.460

Modified: 2026-06-06T04:17:35.460

Link: CVE-2026-7565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-06T04:30:12Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object