Sensitive Information Exposure in LearnPress WordPress LMS Plugin
CVE-2026-13765
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 17 July 2026
What is CVE-2026-13765?
The LearnPress plugin for WordPress, designed for creating and selling online courses, contains a vulnerability that allows unauthenticated attackers to access sensitive information. This exposure lets malicious users retrieve correct-answer markers, full options for quizzes, detailed explanations, and questions from quizzes, including those linked to premium courses. The vulnerability affects all versions up to and including 4.4.1, posing a significant risk to course developers and educators who rely on this plugin for online learning.
Affected Version(s)
LearnPress โ WordPress LMS Plugin for Create and Sell Online Courses 0 <= 4.4.1