Thimpress Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses
33 CVEs affecting Thimpress Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses. Latest disclosed: 2026-05-14. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8522 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/cours… |
CVE-2024-8529 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-co… |
CVE-2024-4434 | Critical | 9.8 | 2024-05-10 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and includi… |
CVE-2023-6567 | Critical | 9.8 | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to… |
CVE-2026-4365 | Critical | 9.1 | 2026-04-14 | The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in… |
CVE-2024-7548 | High | 8.8 | 2024-08-08 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and inclu… |
CVE-2024-6589 | High | 8.8 | 2024-07-25 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'rende… |
CVE-2024-4397 | High | 8.8 | 2024-05-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materi… |
CVE-2024-2115 | High | 8.8 | 2024-04-05 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due… |
CVE-2023-6634 | High | 8.1 | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due… |
CVE-2025-11372 | Medium | 6.5 | 2025-10-18 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to… |
CVE-2024-1289 | Medium | 6.5 | 2024-04-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due… |
CVE-2026-4333 | Medium | 6.4 | 2026-04-08 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learn_press_courses sho… |
CVE-2025-14387 | Medium | 6.4 | 2025-12-15 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insu… |
CVE-2024-13599 | Medium | 6.4 | 2025-01-25 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to in… |
CVE-2024-4971 | Medium | 6.4 | 2024-05-22 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and in… |
CVE-2024-4277 | Medium | 6.4 | 2024-05-10 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to… |
CVE-2024-3560 | Medium | 6.4 | 2024-04-19 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including… |
CVE-2025-14802 | Medium | 5.4 | 2026-01-07 | The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v… |
CVE-2025-14798 | Medium | 5.3 | 2026-01-20 | The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_… |