Vulnerabilities

CVE-2025-14798 - LearnPress – WordPress LMS Plugin <= 4.3.2.4 - missing authorization to unauthen...

2026-01-20 0 views admin

CVE ID : CVE-2025-14798 Published : 20 Jan 2026, 4:15 a.m. | 18 minutes ago Description : The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and last names. Other information such as social profile links and enrollment are also included. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14798

Severity

MEDIUM

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14798mediumwordpress

CVE-2025-14798 - LearnPress – WordPress LMS Plugin <= 4.3.2.4 - missing authorization to unauthen...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14533 - Advanced Custom Fields: Extended <= 0.9.2.1 - unauthenticated privilege escalati...

CVE-2025-41084 - Stored Cross-Site Scripting (XSS) in Sesame web application

CVE-2025-66523 - Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com v...

CVE-2026-1223 - BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Insufficiently Protected Cred...

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3