CVE-2025-14798
Sensitive Information Exposure in LearnPress Plugin Allows Data Leak

Publication date: 2026-01-20

Last updated on: 2026-01-20

Assigner: Wordfence

Description
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and last names. Other information such as social profile links and enrollment are also included.
Meta Information
Published: 2026-01-20
Last Modified: 2026-01-20
Generated: 2026-05-07
AI Q&A: 2026-01-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor      Product      Version / Range
thimpress   learnpress   to 4.3.2.4 (inc)
thimpress   learnpress   4.3.2.1
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-14798 is a vulnerability in the LearnPress WordPress LMS plugin (up to version 4.3.2.4) where unauthenticated attackers can access sensitive user information such as first names, last names, social profile links, and enrollment data via the get_item_permissions_check function. Additionally, the plugin's REST API has a critical flaw in the password reset endpoint, which lacks proper permission checks, allowing anyone to trigger password reset emails for any user without authentication. This can lead to unauthorized access or account takeover. [2]


How can this vulnerability impact me?

This vulnerability can expose sensitive personal information of users to unauthenticated attackers, compromising user privacy. Moreover, the exposed password reset endpoint allows attackers to initiate password resets for arbitrary users, potentially enabling account takeovers through phishing or social engineering attacks. This can lead to unauthorized access to user accounts and possible site compromise. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking whether the installed LearnPress plugin version is 4.3.2.4 or earlier and by testing whether the REST API password reset endpoint, which has no authentication, is accessible. You can use curl or similar tools to send a POST request to the /reset-password REST API endpoint and observe if it allows unauthenticated password reset requests. Example command:

    curl -X POST https://yourwordpresssite.com/wp-json/learnpress/v1/users/reset-password -d '{"username":"targetusername"}' -H 'Content-Type: application/json' -v

If the request succeeds without authentication, the vulnerability is present. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the LearnPress plugin to a version later than 4.3.2.4 where this vulnerability is fixed. If an update is not immediately possible, restrict access to the REST API endpoints related to user management, especially the password reset endpoint, by implementing authentication or IP restrictions. Additionally, monitor for suspicious password reset requests and consider disabling the vulnerable REST API endpoints temporarily. [2]
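
For the monitoring step above, an added example (not from the advisory or the LearnPress project) that scans web-server access logs in combined format for bursts of password-reset POSTs and for sweeps of user records from a single client. The /users/<id> item route, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Route prefix taken from the page's example command; the numeric
# /users/<id> item route is an assumption (WordPress REST convention).
BASE = "/wp-json/learnpress/v1/users"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspects(lines, reset_threshold=3, enum_threshold=5):
    """Return {ip: [finding, ...]} for reset bursts and user-ID sweeps."""
    resets = defaultdict(int)
    user_ids = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not combined-log format
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] == "POST" and path == BASE + "/reset-password":
            resets[m["ip"]] += 1
        elif m["method"] == "GET" and m["status"] == "200":  # record returned
            item = re.fullmatch(re.escape(BASE) + r"/(\d+)", path)
            if item:
                user_ids[m["ip"]].add(int(item.group(1)))
    findings = defaultdict(list)
    for ip, n in resets.items():
        if n >= reset_threshold:
            findings[ip].append(f"{n} password-reset requests")
    for ip, ids in user_ids.items():
        if len(ids) >= enum_threshold:
            findings[ip].append(f"{len(ids)} distinct user records read")
    return dict(findings)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = (
    [f'203.0.113.7 - - [20/Jan/2026:10:00:0{i} +0000] '
     f'"GET {BASE}/{i} HTTP/1.1" 200 512 "-" "client"' for i in range(1, 7)]
    + [f'198.51.100.9 - - [20/Jan/2026:10:05:0{i} +0000] '
       f'"POST {BASE}/reset-password HTTP/1.1" 200 64 "-" "client"'
       for i in range(4)]
    + ['192.0.2.4 - - [20/Jan/2026:10:06:00 +0000] '
       f'"GET {BASE}/12 HTTP/1.1" 200 512 "-" "client"']
)

if __name__ == "__main__":
    for ip, notes in find_suspects(SAMPLE).items():
        print(ip, "->", "; ".join(notes))
```

Tune the two thresholds to the site's normal traffic; a logged-in mobile client reading its own profile repeatedly produces one distinct ID and is not flagged.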


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated attackers to access sensitive user information such as first names, last names, social profile links, and enrollment data. Exposure of such personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access. Therefore, this vulnerability negatively impacts compliance with these common standards and regulations by risking unauthorized disclosure of personal data. [2]

