Learnpress – wordpress lms plugin for create and sell online courses

This hub aggregates every CVE we track for Learnpress – wordpress lms plugin for create and sell online courses, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Plugins

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM24HIGH5CRITICAL5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Learnpress – wordpress lms plugin for create and sell online courses.

CVE-2026-8502LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters5.3Jun 6, 2026
CVE-2026-7648LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter4.3May 14, 2026
CVE-2026-4365LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion9.1Apr 14, 2026
CVE-2026-4333LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute6.4Apr 8, 2026
CVE-2026-3225LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion4.3Mar 23, 2026
CVE-2026-3226LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering4.3Mar 12, 2026
CVE-2025-14798LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API5.3Jan 20, 2026
CVE-2025-14802LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion5.4Jan 7, 2026
CVE-2025-13964LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification5.3Jan 6, 2026
CVE-2025-13956LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure5.3Dec 16, 2025
CVE-2025-14387LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social6.4Dec 15, 2025
CVE-2025-11368LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure5.3Nov 21, 2025
CVE-2025-11372LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation6.5Oct 18, 2025
CVE-2024-13599LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name6.4Jan 25, 2025
CVE-2024-11868LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API5.3Dec 10, 2024

Product normalization is registry-driven with AI assist and human review. How it works