cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2026-3225

CVE, Research URL

CVE-2026-3225

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
Mar 24, 2026
Research Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site.
Affected versions
max 4.3.3.
Status
vulnerable
Previous vulnerability researches
LearnPress Export Import – WordPress extension for LearnPress (CVE-2024-32588) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2024-31241) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2023-30487) , Jun 07, 2024
LearnPress Export Import – WordPress extension for LearnPress (CVE-2025-60200) , Nov 10, 2025
LearnPress Export Import – WordPress extension for LearnPress (CVE-2025-49992) , Nov 10, 2025
New vulnerability
Easy Author Image (CVE-2026-1373) , Apr 15, 2026
Cart All In One For WooCommerce (CVE-2026-2019) , Apr 15, 2026
Menu Icons by ThemeIsle (CVE-2026-1755) , Apr 15, 2026
Membership Plugin – Restrict Content (CVE-2026-1321) , Apr 15, 2026
Membership Plugin – Restrict Content (CVE-2026-1304) , Apr 15, 2026