Primary

Context

LearnPress WordPress LMS Plugin Sensitive Information Exposure Vulnerability via REST API

Vulnerability

Patched

A vulnerability allowing sensitive information exposure has been identified in the LearnPress WordPress LMS Plugin, affecting versions through 4.3.2.4. The issue arises in the 'get_item_permissions_check' function, where missing authorization allows unauthenticated attackers to access sensitive user data, including first names, last names, social profile links, and enrollment information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including names, social profile links, and enrollment details.

Remediation

Users are advised to update the LearnPress WordPress LMS Plugin to version 4.3.2.5 or a newer patched version.

Added: Jan 20, 2026, 4:20 AM

Updated: Jan 20, 2026, 4:20 AM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LearnPress WordPress LMS Plugin Sensitive Information Exposure Vulnerability via REST API

Vulnerability

Impact

Remediation

Affected Products

LearnPress

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating