WordPress Plugin Vulnerabilities

LearnPress < 4.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion

Description

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site.

Affects Plugins

Plugin icon
learnpress
Fixed in 4.3.3

References

CVE
CVE-2026-3225
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc4afb78-fca6-4cc2-8e64-4785d93055e6

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jack Pas (Dark.)
Verified
No
WPVDB ID
fda3ad27-9650-4edd-b118-81b813ecec7b

Timeline

Publicly Published
2026-03-23 (about 1 month ago)
Added
2026-03-23 (about 1 month ago)
Last Updated
2026-03-23 (about 1 month ago)

Other

Published
Title
Published
2026-04-29
Title
Classified Listing – AI-Powered Classified ads & Business Directory Plugin < 5.3.9 - Missing Authorization
Published
2024-02-26
Title
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxAddCategory
Published
2024-04-05
Title
WP-Stateless – Google Cloud Storage < 3.4.1 - Missing Authorization to Limited Arbitrary Options Update
Published
2024-01-16
Title
Import and export users and customers < 1.24.7 - Missing Authorization via fire_cron REST endpoint
Published
2025-06-05
Title
oik < 4.15.2 - Missing Authorization