Description
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
Published: 2026-06-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The LearnPress WordPress plugin contains an unprotected REST endpoint that fails to enforce the edit_users capability on the edit context. The flaw allows an unauthenticated visitor to request data for any user that the plugin exposes through the API, retrieving each user's roles, full capabilities map, extra capabilities, locale, and registration date. This information disclosure elevates confidentiality risk and can assist attackers in mapping user privilege levels, facilitating subsequent targeted attacks.

Affected Systems

learnpress plugin for WordPress versions earlier than 4.3.7 are affected. The vulnerability exists in all installations that have not applied the latest fixed release.

Risk and Exploitability

The CVSS score of 5.3 denotes moderate severity, and the EPSS probability is below 1 %, indicating that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. An attacker can exploit it by constructing a crafted REST request to the vulnerable endpoint without any authentication. No additional credentials or system compromise are required, so the attack vector is remote and straightforward.

Generated by OpenCVE AI on June 18, 2026 at 14:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the LearnPress plugin to version 4.3.7 or later to apply the vendor fix.
  • If an update cannot be performed immediately, use a web‑application firewall or similar security plugin to block unauthenticated access to the LearnPress REST endpoints.
  • Review your WordPress installation for other exposed REST routes and consider disabling or hardening them to reduce information leakage.

Generated by OpenCVE AI on June 18, 2026 at 14:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Learnpress
Learnpress learnpress
Wordpress
Wordpress wordpress
Vendors & Products Learnpress
Learnpress learnpress
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
Title LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
References

Subscriptions

Learnpress Learnpress
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-06-17T10:46:26.753Z

Reserved: 2026-05-12T09:19:47.748Z

Link: CVE-2026-8383

cve-icon Vulnrichment

Updated: 2026-06-17T10:46:18.510Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:42:29Z

Weaknesses