Missing Authorization Vulnerability in ThimPress LearnPress Plugin
CVE-2025-66054

Currently unrated

Key Information:

Vendor

WordPress
Status
Learnpress
Vendor
CVE Published:
18 December 2025

What is CVE-2025-66054?

The Missing Authorization vulnerability in ThimPress LearnPress allows unauthorized access due to incorrectly configured access control security levels. This flaw exposes sensitive functionalities of the plugin to malicious actors. Affected versions include LearnPress from n/a up to 4.2.9.4, making it essential for users to apply updates promptly to mitigate potential risks.

Affected Version(s)

LearnPress <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/lear...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

benzdeus | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66054 : Missing Authorization Vulnerability in ThimPress LearnPress Plugin