CVE-2026-8383

MEDIUM 5.3

LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request

Vendor	unknown
Product	learnpress
Published	Jun 17, 2026
Last Updated	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for unknown learnpress

Be the first to know when new medium vulnerabilities affecting unknown learnpress are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / LearnPress

0 < 4.3.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/b7cbf68b-62c5-4787-b84b-69df9e0122b2/

Credits

dyingman1 WPScan