Description
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.
Published: 2026-07-17
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/course/class-lp-course-no-required-enroll.php#L145 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/lp-template-functions.php#L1422 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/course/class-lp-course-no-required-enroll.php#L145 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/lp-template-functions.php#L1422 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54 cve-icon
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80 cve-icon
https://plugins.trac.wordpress.org/changeset?reponame=&old=3603546%40learnpress&new=3603546%40learnpress cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3bbf20-43fd-4977-b0ba-b81e7a3810d0?source=cve cve-icon
History

Fri, 17 Jul 2026 05:00:00 +0000

Type Values Removed Values Added
Description The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.
Title LearnPress <= 4.4.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via /lp/v1/users/check-answer and /start-quiz REST Endpoints
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-07-17T03:43:42.953Z

Reserved: 2026-06-29T19:46:50.351Z

Link: CVE-2026-13765

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses