CVE-2026-13765 PUBLISHED

LearnPress <= 4.4.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via /lp/v1/users/check-answer and /start-quiz REST Endpoints

Assigner: Wordfence
Reserved: 29.06.2026 Published: 17.07.2026 Updated: 17.07.2026

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Product Status

Vendor thimpress
Product LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
Versions Default: unaffected
  • affected from 0 to 4.4.1 (incl.)

Credits

  • 이성민 finder

References

Problem Types

  • CWE-862 Missing Authorization CWE