cleantalk
Vulnerabilities and Security Researches

LearnPress Export Import – WordPress extension for LearnPress, CVE-2026-1787

CVE, Research URL

CVE-2026-1787

Home page URL

Security reports for LearnPress Export Import – WordPress extension for LearnPress

Application

LearnPress Export Import – WordPress extension for LearnPress

Published on
Feb 21, 2026
Research Description
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete course that have been migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated in order to exploit the vulnerability.
Affected versions
max 4.1.1.
Status
vulnerable
Previous vulnerability researches
Essential Widgets (CVE-2026-0867) , Apr 15, 2026
Essential Widgets (CVE-2025-67543) , Jan 10, 2026
Essential Widgets (CVE-2021-24752) , Jun 07, 2024
New vulnerability
Employee Directory – Staff Directory and Listing (CVE-2026-1279) , Apr 16, 2026
Advance Block Extend (CVE-2026-1646) , Apr 16, 2026
All push notification for WP (CVE-2026-0816) , Apr 16, 2026
Slideshow Wp (CVE-2026-1885) , Apr 16, 2026
XO Event Calendar (CVE-2026-0556) , Apr 16, 2026