EUVD-2026-22197
GHSA-fcmf-hc7m-63gh
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the delete_question_answer() function in all versions up to, and including, 4.3.2.8. The plugin exposes a wp_rest nonce in public frontend HTML (lpData) to unauthenticated visitors, and uses that nonce as the only security gate for the lp-load-ajax AJAX dispatcher. The delete_question_answer action has no capability or ownership check. This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce.
AnalysisAI
Unauthenticated data deletion in LearnPress WordPress LMS plugin (versions ≤4.3.2.8) allows remote attackers to delete arbitrary quiz answer options without authentication. The plugin exposes wp_rest nonces to unauthenticated visitors in public frontend HTML and uses this nonce as the sole security gate for its AJAX dispatcher, while the delete_question_answer() function lacks both capability and ownership verification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all WordPress installations running LearnPress plugin ≤4.3.2.8 and document current versions. Within 7 days: Implement Web Application Firewall (WAF) rules to block REST API calls to wp-json endpoints containing 'delete_question_answer' or restrict access to quiz REST endpoints to authenticated users only. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today