cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2025-13956

CVE, Research URL

CVE-2025-13956

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
Dec 16, 2025
Research Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts
Affected versions
max 4.3.2.
Status
vulnerable
Previous vulnerability researches
Social Profilr (CVE-2025-49343) , Jan 06, 2026
New vulnerability
Advanced Product Fields (Product Addons) for WooCommerce (CVE-2025-13924) , Jan 11, 2026
Shortcode Ajax (CVE-2025-14539) , Jan 11, 2026
Wp Text Slider Widget (CVE-2025-68868) , Jan 11, 2026
Japanized For WooCommerce (CVE-2025-14886) , Jan 11, 2026
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-68040) , Jan 11, 2026