MEDIUM
LearnPress
CVE published 2026-06-17
CVE-2026-8383
The LearnPress WordPress plugin before 4.3.7 has a vulnerability allowing unauthenticated visitors to retrieve user roles, capabilities, and other sensitive information via a crafted request to a REST endpoint. This issue arises from the plugin's failure to properly gate the 'edit' context on one of its REST endpoints behind the 'edit_users' capability. As a result, attackers can exploit this vulnerabilit [truncated]