CVE-2025-11372
BaseFortify
Publication date: 2025-10-18
Last updated on: 2025-10-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
| wordfence | learnpress | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the LearnPress WordPress LMS Plugin up to version 4.2.9.2. It is caused by missing capability checks on the Admin Tools REST endpoints, which are registered with a permission callback that always returns true, allowing unauthenticated attackers to access them. As a result, attackers can perform destructive database operations such as dropping indexes on any table (including core WordPress tables like wp_options), creating duplicate configuration entries, and degrading site performance by exploiting the /wp-json/lp/v1/admin/tools/create-indexs endpoint if they provide table names. [3]
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to perform destructive actions on your WordPress database. They can drop indexes on any table, including critical WordPress core tables, which can lead to degraded site performance and potential data integrity issues. Attackers can also create duplicate configuration entries, further destabilizing the site. Overall, this can result in site instability, degraded performance, and potential loss of data or functionality. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or attempting to access the vulnerable REST API endpoint `/wp-json/lp/v1/admin/tools/create-indexs` without authentication. Since the endpoint lacks proper permission checks, an unauthenticated request to this endpoint with crafted parameters (such as table names) could indicate exploitation attempts. You can use tools like curl to test this endpoint, for example: `curl -X POST https://yourwordpresssite.com/wp-json/lp/v1/admin/tools/create-indexs -d '{"table":"wp_options"}' -H 'Content-Type: application/json'`. Additionally, monitoring web server logs for POST requests to `/wp-json/lp/v1/admin/tools/create-indexs` from unknown or suspicious IPs can help detect attempts. There are no specific commands provided in the resources, but these general approaches apply. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the LearnPress plugin to a version later than 4.2.9.2 where the vulnerability is fixed (for example, version 4.2.9.4 or later). If updating is not immediately possible, restrict access to the vulnerable REST API endpoints by implementing firewall rules or web application firewall (WAF) rules to block unauthenticated access to `/wp-json/lp/v1/admin/tools/create-indexs` and related admin REST endpoints. Additionally, review and restrict permissions on the WordPress site to ensure only trusted administrators have access. Monitoring and cleaning suspicious database changes may also be necessary. [1, 3]