LearnPress WordPress Plugin Exposed to User Role Information Disclosure
CVE-2026-8383

Currently unrated

Key Information:

Vendor: WordPress
Status: Learnpress
Vendor: CVE Published:; 17 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-8383?

The LearnPress plugin for WordPress, versions prior to 4.3.7, contains a vulnerability in one of its REST endpoints that allows unauthenticated attackers to access sensitive user information. Without proper access controls, malicious users can retrieve a list of every user’s roles, capabilities, locale, and registration date using crafted API requests. This exposure poses a significant risk as it may allow attackers to leverage this information for further exploits.

Affected Version(s)

LearnPress 0 < 4.3.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-8383 - Proof of Concept

References

https://wpscan.com/vulnerability/b7cbf68b-62c5-4787-b84b-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 17, 2026
👾
Exploit known to exist
Jun 17, 2026
Vulnerability published
Jun 17, 2026
Vulnerability Reserved
May 12, 2026

Credit

dyingman1

WPScan

CVE-2026-8383 Data

JSON