WordPress · Wordpress · CVE-2025-14802
**Name of the Vulnerable Software and Affected Versions**
LearnPress – WordPress LMS Plugin for WordPress versions up to and including 4.3.2.2
**Description**
The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized file deletion. This is caused by a discrepancy in parameter handling during the authorization check for the DELETE operation. The `/wp-json/lp/v1/material/{file id}` API endpoint utilizes `file id` from the URL path, while the permission callback validates `item id` from the request body. This allows authenticated attackers with teacher-level access to delete lesson material files uploaded by other teachers by sending a DELETE request with their own `item id` to bypass authorization while targeting another teacher's `file id`.
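The parameter mismatch described above, modelled in plain PHP without WordPress as an added example (this is not LearnPress's code): the flawed check authorizes on the item id from the body, the hardened one on the file id from the path that the handler actually deletes. The `Req` class, the `file_id`/`item_id` key names, both function names and the sample ids are assumptions constructed for illustration.

```php
<?php
// Constructed sample data: lesson (item) id => author user id.
const ITEM_AUTHOR = [10 => 1, 20 => 2];
// Constructed sample data: material file id => lesson (item) id it belongs to.
const FILE_ITEM = [100 => 10, 200 => 20];

// Minimal stand-in for a REST request (hypothetical class): path parameters
// and body parameters are kept apart, as they arrive on the wire.
final class Req {
    public function __construct(
        public int $userId,
        public array $url,   // parsed from /material/{file id}
        public array $body   // parsed from the request body
    ) {}
}

// Flawed check as the advisory describes it: authorizes on the body's item id.
function can_delete_flawed(Req $r): bool {
    $item = (int) ($r->body['item_id'] ?? 0);
    return (ITEM_AUTHOR[$item] ?? null) === $r->userId;
}

// Hardened check: derive the item from the file id in the path, the same
// identifier the delete handler acts on; the body never selects the target.
function can_delete_fixed(Req $r): bool {
    $file = (int) ($r->url['file_id'] ?? 0);
    $item = FILE_ITEM[$file] ?? null;
    if ($item === null) {
        return false; // unknown file: deny
    }
    // Reject a body that names a different item than the file's own.
    if (isset($r->body['item_id']) && (int) $r->body['item_id'] !== $item) {
        return false;
    }
    return ITEM_AUTHOR[$item] === $r->userId;
}

// Teacher 1 names their own lesson in the body while the path points at
// teacher 2's file; the second request is teacher 2 deleting their own file.
$mismatch = new Req(1, ['file_id' => 200], ['item_id' => 10]);
$owner    = new Req(2, ['file_id' => 200], ['item_id' => 20]);

foreach (['mismatch' => $mismatch, 'owner' => $owner] as $label => $r) {
    printf("%-8s flawed=%s fixed=%s\n", $label,
        var_export(can_delete_flawed($r), true),
        var_export(can_delete_fixed($r), true));
}
```

Requires PHP 8.0 or later for constructor property promotion.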
**Recommendations**
Versions prior to 4.3.2.2 should be updated.