PatchSiren

LearnPress CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM LearnPress CVE published 2026-06-17

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 has a vulnerability allowing unauthenticated visitors to retrieve user roles, capabilities, and other sensitive information via a crafted request to a REST endpoint. This issue arises from the plugin's failure to properly gate the 'edit' context on one of its REST endpoints behind the 'edit_users' capability. As a result, attackers can exploit this vulnerabilit [truncated]