Insecure Direct Object Reference in LearnPress Plugin for WordPress
CVE-2026-11988

6.5 MEDIUM

What is CVE-2026-11988?

The LearnPress plugin for WordPress, which provides online courses, is vulnerable to Insecure Direct Object Reference via the 'userId' parameter. Because the parameter is not properly validated, authenticated users with Subscriber-level access or higher can view enrollment progress and completion data intended for instructors or administrators. Regular subscribers remain unaffected because of existing access controls, but users designated as instructors (LP_TEACHER_ROLE) or administrators are at risk of exposure. Site administrators should review and apply the necessary security updates to mitigate this risk.
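To show the defect class this advisory describes and the check that closes it, here is an added illustration in the shape of a WordPress REST endpoint; it is not LearnPress's own code, and the route namespace, function names and the progress lookup are assumptions.

```php
<?php
// Added illustration (not LearnPress's own code): a hypothetical REST endpoint
// returning a learner's enrollment progress, first with the missing
// authorization check typical of this IDOR class, then hardened.
// The 'hypo/v1' namespace and hypo_* functions are assumptions.

// --- Vulnerable pattern: registered with 'permission_callback' => '__return_true',
//     so any logged-in user may pass any userId. ---
function hypo_progress_vulnerable( WP_REST_Request $request ) {
    $user_id = absint( $request->get_param( 'userId' ) );
    // Nothing ties $user_id to the caller: changing the parameter reads
    // another account's progress and completion data.
    return rest_ensure_response( hypo_lookup_progress( $user_id ) );
}

// --- Hardened pattern: bind the object to the caller or require a privilege. ---
function hypo_progress_permission( WP_REST_Request $request ) {
    $requested = absint( $request->get_param( 'userId' ) );
    $caller    = get_current_user_id();
    if ( 0 === $caller || 0 === $requested ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    // Owners may read their own record; administrators may read any record.
    if ( $requested === $caller || current_user_can( 'manage_options' ) ) {
        return true;
    }
    return new WP_Error( 'rest_forbidden', 'You may only view your own progress.', array( 'status' => 403 ) );
}

function hypo_progress_hardened( WP_REST_Request $request ) {
    // Reached only after hypo_progress_permission() returned true.
    $user_id = absint( $request->get_param( 'userId' ) );
    return rest_ensure_response( hypo_lookup_progress( $user_id ) );
}

// Stand-in for the plugin's real data access (assumption, constructed values).
function hypo_lookup_progress( $user_id ) {
    return array( 'userId' => $user_id, 'completed' => 0, 'total' => 0 );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'hypo/v1', '/progress', array(
        'methods'             => 'GET',
        'callback'            => 'hypo_progress_hardened',
        'permission_callback' => 'hypo_progress_permission',
        'args'                => array(
            'userId' => array( 'required' => true, 'sanitize_callback' => 'absint' ),
        ),
    ) );
} );
```

The decisive line is the owner-or-privilege test in the permission callback; sanitizing userId to an integer alone does nothing to stop the cross-user read.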

Affected Version(s)

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses: 0 <= version <= 4.3.9.1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

javitoia