PT-2026-60707 · Thimpress · Learnpress – Wordpress Lms Plugin For Create/Sell Online Courses

CVE-2026-13765

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-13765

Produtos afetados

Learnpress – Wordpress Lms Plugin For Create/Sell Online Courses