Sensitive Information Exposure in LearnPress WordPress LMS Plugin
CVE-2026-13765

7.5HIGH

What is CVE-2026-13765?

The LearnPress plugin for WordPress, designed for creating and selling online courses, contains a vulnerability that allows unauthenticated attackers to access sensitive information. This exposure lets malicious users retrieve correct-answer markers, full options for quizzes, detailed explanations, and questions from quizzes, including those linked to premium courses. The vulnerability affects all versions up to and including 4.4.1, posing a significant risk to course developers and educators who rely on this plugin for online learning.

Affected Version(s)

LearnPress โ€“ WordPress LMS Plugin for Create and Sell Online Courses 0 <= 4.4.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

์ด์„ฑ๋ฏผ
.