cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2026-8383

CVE, Research URL

CVE-2026-8383

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
Jun 17, 2026
Research Description
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
Affected versions
max 4.3.7.
Status
vulnerable
Previous vulnerability researches
Melhor Envio (13a83e5dd59fa8c582fb848c15bfdc1f39429314) , Jun 06, 2024
Melhor Envio (CVE-2026-54804) , Jun 19, 2026
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
New vulnerability
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026