Authorization Bypass Vulnerability in WP Learn Manager Plugin for WordPress
CVE-2026-12153
9.8CRITICAL
What is CVE-2026-12153?
The WP Learn Manager plugin for WordPress is susceptible to an authorization bypass issue, allowing attackers without proper credentials to exploit the security flaw. This vulnerability permits unauthorized users to install and activate any plugins from the WordPress.org repository on compromised sites. As a result, the security of affected installations is significantly jeopardized, potentially leading to further exploitations and unauthorized access.
Affected Version(s)
WP Learn Manager 0 <= 1.1.8