PT-2026-24912 · Thimpress · LearnPress – WordPress LMS Plugin For Create/Sell Online Courses

Jack Pas · Published 2026-03-12 · Updated 2026-03-12

CVE-2026-3226

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to and including 4.3.2.8

Description: The LearnPress – WordPress LMS Plugin is susceptible to unauthorized email notification triggering. This occurs because of missing capability checks in all 10 functions within the SendEmailAjax class. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but does not perform a current_user_can() check before dispatching to handler functions. The wp_rest nonce is embedded in the frontend JavaScript for all authenticated users. This allows authenticated attackers with Subscriber-level access or higher to trigger arbitrary email notifications to administrators, instructors, and users. This can lead to email flooding, social engineering, and impersonation of administrative decisions regarding instructor requests.

Recommendations: Versions up to and including 4.3.2.8 should be updated to a newer, fixed version when available.
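As an added illustration (not LearnPress's own code), the dispatcher pattern the description refers to, a nonce check with no capability check, is shown beside a hardened version that maps every handler to an explicit capability; the class name, handler name, request parameter and capability are assumptions for this example.

```php
<?php
// Illustrative AJAX dispatcher (hypothetical class, not LearnPress code).
class Hypothetical_Ajax {
    // Hardening: every dispatchable handler is listed with the capability it requires.
    // A handler absent from this map is never called. (Capability chosen for illustration.)
    const HANDLERS = [
        'send_email_handler' => 'manage_options',
    ];

    // Vulnerable pattern: the wp_rest nonce only proves the request came from a
    // logged-in session of this site; it says nothing about what that user may do.
    public static function catch_ajax_vulnerable() {
        check_ajax_referer( 'wp_rest', 'nonce' );
        $action = isset( $_REQUEST['lp_action'] ) ? sanitize_key( $_REQUEST['lp_action'] ) : '';
        if ( method_exists( __CLASS__, $action ) ) {
            self::$action(); // any authenticated user holding the nonce reaches the handler
        }
        wp_die();
    }

    // Hardened pattern: nonce check, allow-list of handlers, and a per-handler
    // current_user_can() check before anything is dispatched.
    public static function catch_ajax_hardened() {
        check_ajax_referer( 'wp_rest', 'nonce' );
        $action = isset( $_REQUEST['lp_action'] ) ? sanitize_key( $_REQUEST['lp_action'] ) : '';
        if ( ! array_key_exists( $action, self::HANDLERS ) ) {
            wp_send_json_error( 'Unknown action', 400 ); // exits
        }
        if ( ! current_user_can( self::HANDLERS[ $action ] ) ) {
            // Denied attempts are worth logging: repeated hits from low-privilege
            // accounts are the detection signal for this class of issue.
            error_log( sprintf( 'Denied ajax action %s for user %d', $action, get_current_user_id() ) );
            wp_send_json_error( 'Insufficient permissions', 403 ); // exits
        }
        self::$action();
        wp_die();
    }

    private static function send_email_handler() {
        // A real handler would build the notification and send it via wp_mail().
        wp_send_json_success( 'notification queued' );
    }
}
```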

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2026-3226

Affected Products: LearnPress – WordPress LMS Plugin For Create/Sell Online Courses