The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.
References
Link Providers
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/course/class-lp-course-no-required-enroll.php#L145 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/lp-template-functions.php#L1422 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/course/class-lp-course-no-required-enroll.php#L145 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/lp-template-functions.php#L1422 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80 cve-icon
https://plugins.trac.wordpress.org/changeset?reponame=&old=3603546%40learnpress&new=3603546%40learnpress cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3bbf20-43fd-4977-b0ba-b81e7a3810d0?source=cve cve-icon
History

Fri, 17 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Thimpress
Thimpress learnpress – Wordpress Lms Plugin For Create And Sell Online Courses
Wordpress
Wordpress wordpress
Vendors & Products Thimpress
Thimpress learnpress – Wordpress Lms Plugin For Create And Sell Online Courses
Wordpress
Wordpress wordpress

Fri, 17 Jul 2026 05:00:00 +0000

Type Values Removed Values Added
Description The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.
Title LearnPress <= 4.4.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via /lp/v1/users/check-answer and /start-quiz REST Endpoints
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-07-17T18:05:38.965Z

Reserved: 2026-06-29T19:46:50.351Z

Link: CVE-2026-13765

cve-icon Vulnrichment

Updated: 2026-07-17T12:35:03.390Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-17T07:15:11Z