CVE-2026-8383
Status: Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: WPScan

Description
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context of one of its REST endpoints behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request.
Affected Vendors & Products (1 associated CPE)
Vendor: thimpress
Product: learnpress
Version / Range: up to 4.3.7 (exclusive)
CWE: CWE-862, Missing Authorization. The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The vulnerability CVE-2026-8383 affects the LearnPress WordPress plugin versions before 4.3.7. It allows unauthenticated users to access sensitive user information by sending a specially crafted REST API request to the endpoint `wp-json/learnpress/v1/users?context=edit`.

This happens because the plugin does not properly enforce the required `edit_users` capability check for the `edit` context, which is normally required by WordPress core. As a result, attackers can retrieve details such as user roles, full capabilities (including administrative permissions like `manage_options` and `install_plugins`), extra capabilities, locale settings, and registration dates for all users on the site.

This vulnerability is classified as medium severity with a CVSS score of 5.3 and is related to broken access control and missing authorization.

Impact Analysis

This vulnerability can impact you by exposing sensitive user information to unauthenticated attackers. The leaked information includes user roles and full capabilities, which may reveal administrative privileges and other sensitive permissions.

An attacker gaining this information could use it to plan further attacks, such as privilege escalation or targeted social engineering, potentially compromising the security of your WordPress site and its users.

Detection Guidance

This vulnerability can be detected by sending a crafted REST API request to the LearnPress plugin endpoint and observing if sensitive user information is returned without authentication.

  • Send an HTTP GET request to the endpoint: wp-json/learnpress/v1/users?context=edit
  • If the response includes user roles, full capabilities, extra capabilities, locale, and registration dates without requiring authentication, the system is vulnerable.
  • Example curl command to test the vulnerability: curl -X GET https://yourwordpresssite.com/wp-json/learnpress/v1/users?context=edit

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the LearnPress WordPress plugin to version 4.3.7 or later, where the issue has been fixed.
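As an added example (not part of this advisory and not the vendor's 4.3.7 fix), the following hypothetical must-use plugin applies the missing check at the REST dispatcher until the update can be installed, mirroring the `edit_users` rule that WordPress core enforces for the `edit` context on its own users endpoint. It assumes the route is `/learnpress/v1/users`, as in the URL quoted above, and that the file is placed in `wp-content/mu-plugins/`.

```php
<?php
/**
 * Plugin Name: Gate LearnPress users `edit` context (hypothetical interim guard)
 *
 * Assumption: the affected endpoint is served at /learnpress/v1/users.
 * This is a stop-gap only; updating LearnPress to 4.3.7 or later is the fix.
 */

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // Only the LearnPress users route is of interest; let everything else through.
    if ( 0 !== strpos( $request->get_route(), '/learnpress/v1/users' ) ) {
        return $result;
    }

    // The `edit` context exposes roles, the capabilities map, locale and
    // registration date. Require `edit_users`, as core does for /wp/v2/users.
    if ( 'edit' === $request->get_param( 'context' ) && ! current_user_can( 'edit_users' ) ) {
        // rest_authorization_required_code() yields 401 for anonymous
        // callers and 403 for logged-in users lacking the capability.
        return new WP_Error(
            'rest_forbidden_context',
            'Sorry, you are not allowed to request the edit context for users.',
            array( 'status' => rest_authorization_required_code() )
        );
    }

    // Authorized caller (or a non-edit context): fall through to the endpoint.
    return $result;
}, 10, 3 );
```

After installing the guard, an unauthenticated request for `?context=edit` should return a 401 error body instead of user data, while a request without the `context` parameter is unaffected.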

Compliance Impact

The vulnerability allows unauthenticated users to access sensitive user information such as roles, capabilities, locale, and registration dates. This exposure of personal and potentially sensitive data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal data and user information.

Specifically, unauthorized disclosure of user roles and capabilities may increase the risk of privilege escalation or misuse of administrative functions, further complicating compliance with security standards that mandate proper access controls and data confidentiality.
