LearnPress – WordPress LMS Plugin < 4.3.0 – Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure | CVE 2025-11368 | Plugin Vulnerabilities

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax which allows arbitrary callback execution of admin-only template methods. This makes it possible for unauthenticated attackers to retrieve admin curriculum HTML, quiz questions with correct answers, course materials, and other sensitive educational content via the REST API endpoint granted they can supply valid numeric IDs.

Affects Plugins

Fixed in 4.3.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0c9856db-3779-4649-9a48-1c7b6d019816

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Lucas Montes (Nirox)

Verified

No

WPVDB ID

5c40d803-87b3-437b-b514-1e85b43371a0

Timeline

Publicly Published

2025-11-20 (about 2 months ago)

Added

2025-11-20 (about 2 months ago)

Last Updated

2025-11-21 (about 2 months ago)

Other

Published

Title

Published

2023-07-19

Title

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure

Published

2025-06-05

Title

Simple History < 5.8.2 - Admin+ Sensitive Information Exposure via Detective Mode

Published

2025-12-12

Title

WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure

Published

2025-02-11

Title

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin < 1.0.6 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2023-12-28

Title

WP Stripe Checkout < 1.2.2.38 - Sensitive Information Exposure via Debug Log