LearnPress <= 4.2.7.3 is vulnerable to Course Material Sensitive Information Exposure via REST API vulnerability

Unauthenticated

Published
2024-12-09

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material.

CVE

https://www.cve.org/CVERecord?id=CVE-2024-11868

CVSS

Score:5.3

Severity:Medium

Version: 4.2.7.3

There is a patch available in v4.2.7.4 and we strongly recommend you update to this version as soon as possible.