cleantalk
Vulnerabilities and Security Researches

LearnPress – WordPress LMS Plugin, CVE-2026-8383

CVE, Research URL

CVE-2026-8383

Home page URL

Security reports for LearnPress – WordPress LMS Plugin

Application

LearnPress – WordPress LMS Plugin

Published on
Jun 17, 2026
Research Description
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
Affected versions
max 4.3.7.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
New vulnerability
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026