LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

Vulnerabilities 74Slug learnpressLatest version 4.3.6WordPress.org →

Minimum safe version

4.3.6

Update to 4.3.6 or later to address 74 fixable vulnerabilities

Latest available4.3.6
N/A
2026-05-13< 4.3.6

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

WordfenceCVE
N/A
2026-04-13< 4.3.3

LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion

WordfenceCVE
N/A
2026-03-11< 4.3.3

LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering

WordfenceCVE
N/A
2026-03-23< 4.3.3

LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion

WordfenceCVE
N/A
2026-04-07< 4.3.4

LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute

WordfenceCVE
Medium 5.3
2026-01-20< 4.3.2.5

CVE-2025-14798

CVEWordfence
Medium 5.4
2026-01-07< 4.3.2.2

CVE-2025-14802

CVEWordfence
Medium 5.3
2026-01-06< 4.3.2.1

CVE-2025-13964

CVEWordfence
Medium 4.8
2024-12-12< 4.2.7.2

CVE-2024-10010

CVEWordfence
High 8.8
2024-05-10< 4.2.6.6

WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Arbitrary File Upload

PatchstackCVEWordfence
Medium 6.1
2024-01-16< 4.2.5.5

CVE-2023-5558

CVEWPScan
N/A
2023-11-08< 4.2.5.4

WordPress LearnPress Plugin < 4.2.5.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack
N/A
2023-11-07< 4.2.5.4

LearnPress <= 4.2.5.3 - Reflected Cross-Site Scripting via add_internal_scripts_to_head

Wordfence
N/A
2023-07-06< 4.2.3.1

LearnPress <= 4.2.3 - Missing Authorization

Wordfence
N/A
0000-00-00< 3.2.6.7

CVE-2020-7917

CVEWPScan
N/A
< 3.2.7.3

LearnPress &lt; 3.2.7.3 - CSRF &amp; XSS

WPScan
N/A
< 4.1.6.7

LearnPress &lt; 4.1.6.7 - Reflected Cross-Site Scripting

WPScan
N/A
2020-09-08< 3.2.7.3

LearnPress <= 3.2.7.2 - Reflected Cross-Site Scripting

Wordfence
N/A
2020-10-05< 3.2.7.3

LearnPress – WordPress LMS Plugin <= 3.2.7.2 - SQL Injection

Wordfence
N/A
2022-06-14< 4.1.6.6

LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting

Wordfence
N/A
2022-07-05< 4.1.6.8

LearnPress – WordPress LMS Plugin <= 4.1.6.7 - Reflected Cross-Site Scripting

Wordfence
N/A
2022-06-21< 4.1.6.7

WordPress LearnPress plugin <= 4.1.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2020-04-28< 3.2.6.9

WordPress LearnPress plugin <= 3.2.6.8 - Authenticated Page Creation and Status Modification vulnerability

PatchstackWordfenceCVEWPScan
N/A
2020-09-09< 3.2.7.3

WordPress LearnPress plugin <= 3.2.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack