Tag: learnpress

All the articles with the tag "learnpress".

• [CVE-2025-11368] LearnPress REST Endpoint Leaks Quiz Answers and Other Confidential Course Content

  21 Nov, 2025

  A missing capability check in a LearnPress REST route lets anyone harvest curriculum HTML, quiz questions and their correct answers without logging in.

• [CVE-2025-11372] Unauthenticated REST call in LearnPress lets anyone reshape your WordPress database

  18 Oct, 2025

  All LearnPress versions up to 4.2.9.3 register an admin-only REST endpoint with a permissive permission callback. Any Internet user can drop or create indexes on arbitrary database tables, including wp_options, and grind a site to a halt.