Impact
The LearnPress WordPress plugin contains an unprotected REST endpoint that fails to enforce the edit_users capability on the edit context. The flaw allows an unauthenticated visitor to request data for any user that the plugin exposes through the API, retrieving each user's roles, full capabilities map, extra capabilities, locale, and registration date. This information disclosure elevates confidentiality risk and can assist attackers in mapping user privilege levels, facilitating subsequent targeted attacks.
Affected Systems
learnpress plugin for WordPress versions earlier than 4.3.7 are affected. The vulnerability exists in all installations that have not applied the latest fixed release.
Risk and Exploitability
The CVSS score of 5.3 denotes moderate severity, and the EPSS probability is below 1 %, indicating that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. An attacker can exploit it by constructing a crafted REST request to the vulnerable endpoint without any authentication. No additional credentials or system compromise are required, so the attack vector is remote and straightforward.
OpenCVE Enrichment