cleantalk
Vulnerabilities and Security Researches

LearnPress Export Import – WordPress extension for LearnPress, CVE-2026-1787

CVE, Research URL

CVE-2026-1787

Home page URL

Security reports for LearnPress Export Import – WordPress extension for LearnPress

Application

LearnPress Export Import – WordPress extension for LearnPress

Published on
Feb 21, 2026
Research Description
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete course that have been migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated in order to exploit the vulnerability.
Affected versions
max 4.1.1.
Status
vulnerable
Previous vulnerability researches
Code Snippets CPT (CVE-2024-13895) , Mar 08, 2025
Easy Code Snippets (CVE-2025-23780) , Jan 18, 2025
Easy Code Snippets (CVE-2022-4974) , Nov 15, 2024
Easy Code Snippets (CVE-2024-11464) , Dec 08, 2024
Easy Code Snippets (9c520bd00fffb08cd81aff79a4b766b6b389dacd) , Jun 07, 2024
New vulnerability
QuestionPro Surveys (CVE-2026-1901) , Apr 16, 2026
Show YouTube video (CVE-2026-1825) , Apr 16, 2026
True Ranker (CVE-2026-1085) , Apr 16, 2026
WPlyr Media Block (CVE-2026-0724) , Apr 16, 2026
LotekMedia Popup Form (CVE-2026-2420) , Apr 16, 2026