Learnpress
This hub aggregates every CVE we track for Learnpress, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
52
CVEs tracked
8
Critical
14
High
0
In CISA KEV
Severity distribution
MEDIUM30HIGH14CRITICAL8
Monthly trend
3
3
2
0
0
3
2
0
1
0
2
0
0
0
0
0
0
2
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Learnpress.
- CVE-2026-48865WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability7.1
- CVE-2025-66054WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability7.5
- CVE-2025-67536WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2024-13128LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS4.8
- CVE-2024-13127LearnPress – WordPress LMS Plugin < 4.2.7.5.1 - Admin+ Stored XSS4.8
- CVE-2025-22739WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability5.3
- CVE-2025-24740WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability4.7
- CVE-2024-13599LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name6.4
- CVE-2024-9881LearnPress < 4.2.7.2 - Admin+ Stored XSS4.8
- CVE-2024-10010LearnPress < 4.2.7.2 - Admin+ Stored XSS4.8
- CVE-2024-11868LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API5.3
- CVE-2024-8529LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'10.0
- CVE-2024-8522LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'10.0
- CVE-2024-39641WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability4.3
- CVE-2024-39642WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability6.5
Product normalization is registry-driven with AI assist and human review. How it works