What the vulnerability does
01Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax which allows arbitrary callback execution of admin-only template methods. This makes it possible for unauthenticated attackers to retrieve admin curriculum HTML, quiz questions with correct answers, course materials, and other sensitive educational content via the REST API endpoint granted they can supply valid numeric IDs.
Explanation of Vulnerability in Simple Terms
02Summary
LearnPress versions up to 4.2.9.4 expose sensitive information that unauthenticated attackers can access over the network without user interaction. The vulnerability allows unauthorized disclosure of data through the plugin's API or data-handling mechanisms. Site administrators should update to a version newer than 4.2.9.4 to prevent information leakage.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the site without logging in.
Potential impact on your site
04Site Impact
Confidential course data, user information, or plugin settings may be exposed to the public.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 8, 2026
Record updated
