LearnPress WordPress LMS Plugin Missing Authentication Vulnerability Allowing Unauthenticated Course Modification

Vulnerability

A vulnerability exists in the LearnPress WordPress LMS Plugin, in all versions through 4.3.2, due to a lack of proper capability checks in the 'catch_lp_ajax' function. This flaw enables unauthenticated attackers to alter course content by adding, removing, updating, or reordering sections, as well as modifying section items.

Impact

Exploitation of this vulnerability allows for unauthorized changes to course content, including the manipulation of sections and section items.

Reproduction

The vulnerability can be reproduced by sending an AJAX request that reaches the 'catch_lp_ajax' function without the necessary authentication. The request either omits the 'nonce' parameter or depends on the referer, which should match the site's domain, not being verified.

Remediation

Users are advised to update the LearnPress WordPress LMS Plugin to version 4.3.2.1 or a newer patched version.
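
The kind of check the advisory describes as missing, shown as an added example: this is not LearnPress code and not its patch. The action name, nonce name, POST fields and the demo_save_section_title() helper are hypothetical; the WordPress functions called are core APIs.

```php
<?php
/**
 * Plugin Name: Demo guarded AJAX handler (constructed example)
 */

// Hypothetical action and nonce names; not LearnPress identifiers.
const DEMO_ACTION = 'demo_update_section';
const DEMO_NONCE  = 'demo_update_section_nonce';

// Register for logged-in users only. No wp_ajax_nopriv_ hook is added,
// so admin-ajax.php does not route anonymous requests to this handler.
add_action( 'wp_ajax_' . DEMO_ACTION, 'demo_update_section' );

function demo_update_section() {
    // 1. CSRF: reject a missing or invalid nonce. With the third argument
    //    set to false, check_ajax_referer() returns false instead of dying.
    if ( ! check_ajax_referer( DEMO_NONCE, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Validate input before using it in an authorization decision.
    $course_id  = isset( $_POST['course_id'] ) ? absint( $_POST['course_id'] ) : 0;
    $section_id = isset( $_POST['section_id'] ) ? absint( $_POST['section_id'] ) : 0;
    $title      = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';
    if ( ! $course_id || ! $section_id || '' === $title ) {
        wp_send_json_error( array( 'message' => 'Bad request.' ), 400 );
    }

    // 3. Authorization: a nonce is not an access check. Require that the
    //    current user may edit this specific course post.
    if ( ! current_user_can( 'edit_post', $course_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 4. Only now perform the change (wp_send_json_error() above exits).
    demo_save_section_title( $course_id, $section_id, $title );
    wp_send_json_success();
}

// Hypothetical stand-in for a plugin's own storage code.
function demo_save_section_title( $course_id, $section_id, $title ) {
    update_post_meta( $course_id, "_demo_section_{$section_id}_title", $title );
}
```

The order matters: the capability check is tied to the object being modified, and every write path (add, remove, update, reorder) needs the same gate.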

Added: Jan 6, 2026, 9:20 AM
Updated: Jan 6, 2026, 9:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 8.6
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.