cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2026-7648

CVE, Research URL

CVE-2026-7648

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
May 14, 2026
Research Description
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, which passes the unsanitized parameter array to the add_to_cart() function where array_merge() allows attacker-controlled values to overwrite hardcoded defaults. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in any paid course entirely free of charge by supplying a quantity value of zero, which causes the order total to calculate as $0 and bypasses all payment gateway requirements.
Affected versions
max 4.3.6.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce (CVE-2026-6962) , May 15, 2026
The Plus Addons for Elementor (CVE-2026-5243) , May 15, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-7648) , May 15, 2026
Media Sync (CVE-2026-6670) , May 15, 2026
Royal Elementor Addons and Templates (CVE-2026-6504) , May 15, 2026